Software


Why Open Source is Not Always the Best Bet

July 02, 2012 Added by: DHANANJAY ROKDE

Although open source software appears fantastic at the outset, it often comes with an indirect price to pay, and it takes a lot of time for the organization to realize this. If your organization is hit by the ‘using open source to reduce costs’ wave, here are a few points to look at before taking the leap...


In Secure Programming, the Documentation Matters Too

June 28, 2012 Added by: Keith Mendoza

Some will argue that using the documentation is a cop out; that it's more of a liability protection than "secure programming". I would argue that the documentation should be part of the "secure programming" practice because it makes it clear to everyone what they should expect from the application...


Security and Privacy for Microsoft Office 2010 Users

June 27, 2012 Added by: Ben Rothke

Encryption, privacy, data protection, and macro security are but a few of the vital capabilities for anyone using Microsoft Office - or any office suite for that matter. Author Mitch Tulloch shows how to take control of the Microsoft Office 2010 experience and use the many security and privacy features...


The Path to NoOps is Through the Cloud

June 12, 2012 Added by: Rafal Los

So what is the single most valuable piece of technology that can push a development closer towards a NoOps methodology? I believe it's the adoption of cloud computing. While many of the security folks who read this blog are probably shaking their heads right about now, read on and let me convince you...


What's in a Name: Does DevOps Need a Security Flavor?

June 12, 2012 Added by: Rafal Los

Lots of folks are trying to remove bottlenecks between development and deployment within an organization to get IT to a more agile state. Every once in a while someone talks about security - I've been trying to figure out whether and how we should be discussing the DevOps and security relationship...


Hooray! An Open-Source Password Analyzer Tool...

June 08, 2012 Added by: Brent Huston

The time it takes to crack a password is the only true measure of its worth. Morris has created a tool for administrators that allows them to configure a password policy based on the time to crack, the possible technology that an attacker might be using, and the password protection technology in use...


The (Hidden) Cost of Security Fixes in Enterprise Software

May 29, 2012 Added by: Rafal Los

Who should pay for fixes necessary to patch security defects in software? The question is deeper than whether fixes should be made available free of charge for software components that are found to contain issues. There are more costs than simply acquiring the fix here, which is where the conversation changes...


Metasploit: The Penetration Tester’s Guide - A Review

May 28, 2012 Added by: Dan Dieterle

The exploiting sections are very good, covering the famous exploitation techniques of attacking MS SQL, dumping password hashes, pass the hash & token impersonation, killing anti-virus and gathering intelligence from the system to pivot deeper into the target network...


Why AppSec Won't Always Bail You Out

May 24, 2012 Added by: DHANANJAY ROKDE

The approach of NetSec pros is different from the AppSec folks, as they concentrate on the attack surface rather than get into the application itself. This is in no way a comparison of the level of difficulty of either of the disciplines; NetSec pros just take it to the next level...


NoOps and the Role of Infosec in Software Development

May 23, 2012 Added by: Rafal Los

The NoOps approach to software provides an opportunity to tightly integrate security, but we've got to get it right. If you can implement security during these cycles, spend time analyzing how workstreams will flow and what tools will be used to standardize and automate...


Software Security: A Chief Financial Officer’s Perspective

May 15, 2012 Added by: Fergal Glynn

Surprise, you woke up today and found that 10% of the value of your company is gone because confidential customer information was made public. The FTC is knocking on your door asking for a forensic security audit. Your largest investors are calling about the scope of the breach...


Webinar: Keeping Your Open Source Software Secure

May 09, 2012 Added by: Infosec Island Admin

Understand why collaboration is invaluable in keeping proprietary systems secure. Learn how to share private information in public forums without harming your organization. Identify what tools are available to your organization for collaboration, notification, and knowledge-sharing...


Symantec Targeted in Source Code Extortion Scheme

May 06, 2012 Added by: Headlines

“Symantec’s internal information security team has analyzed the code that was posted and has determined it is NOT Symantec source code... this is NOT Norton source code that has been posted, this is not a hack of Norton... and this does not pose a threat in any way to Norton products...”


What’s Going Right with Your Secure Development Efforts?

May 04, 2012 Added by: Fergal Glynn

Security professionals place developers’ code under a microscope and highlight each and every flaw, so you can appreciate why there may be some tension. Testing of code only offers assessments of what they did wrong. Can we apply a different lens while having this conversation?


Mobile Applications Shouldn’t Roll Their Own Security

May 01, 2012 Added by: Brent Huston

Many of the applications being designed are being done so by scrappy, product-oriented developers. This is not a bad thing for innovation - in fact just the opposite - but it can be a bad thing for safety, privacy and security...


Reflections on Ten years of Software Security

April 21, 2012 Added by: Rafal Los

Given a finite amount of time to write a piece of software with specified features and functionality, the security of that code will always take a back seat. At least for the time being. Let's face it, code breaks in strange ways that it's not always easy to understand...
