Blog Posts Tagged with "Testing"
November 04, 2012 Added by:Rafal Los
Conversation today was around tools and use-cases for the tools in the stream of creating more secure software. My experience in this industry over the last several years has taught me that you have to fashion the tools to the use-case. Even if you give me a fantastic hammer I still won't be a great carpenter...
October 14, 2012 Added by:Gene Kim
By integrating automated security testing into the deployment pipeline, just as the functional and integration tests are, information security testing becomes part of the daily operations of Development. As a result, security defects are found and fixed more quickly than ever...
September 12, 2012 Added by:Dan Dieterle
The amount of time many companies spend on patching, the problems they have deploying patches, the perception that patching causes problems, and a general lack of understanding about what it takes to patch, all combine to make patching such a major issue...
September 12, 2012 Added by:Rafal Los
I can't tell you the fun things we found in this pre-production environment when we started digging around during security testing. No, really, I can't tell you, but rest assured it didn't end with misconfigurations, or accidental code bits being included...
September 09, 2012 Added by:Tripwire Inc
Although Neil Armstrong is the hero of the Apollo 11 story, the planning, management, complexity and technology for the mission is often overlooked. Iit were not for testing and assessing risks associated with the systems the lunar landing would not have been a success...
September 05, 2012 Added by:Fergal Glynn
When dynamic scanning engines were first designed they were primarily tools for penetration testers to use on a few select web applications deemed critical enough to warrant serious testing. But times have changed, every Internet facing application is now a potential attack surface...
August 23, 2012 Added by:Brent Huston
Billions of dollars and millions of identities are at stake every day. In the past, security professionals thought firewalls, Secure Sockets Layer, patching, and privacy policies were enough to protect websites from hackers. Today, we know better. Whatever your industry — you should have consistent testing...
August 15, 2012 Added by:Rafal Los
What if 25% of your bugs actually ARE discovered by your customers? There is a collision of a few things here that makes this matter a lot less simple than we'd like, and a lot less convenient if you think you have a solution to the problem, but in the end it is a problem...
August 13, 2012 Added by:Rafal Los
I had a hard time believing that "going faster" could be more secure. It was difficult to wrap my brain around how deploying code in more rapid succession could mean that the code deployed could actually be safer... but I believe that to be true now. The one caveat here is "if it's done right"...
August 09, 2012 Added by:Brent Huston
There is still room for improvement in the smart grid space: Encryption versus encoding, modern development security, JTAG protection, input validation and the usual application security shortcomings that the web and other platforms are struggling with. Default passwords, crypto keys and configurations still abound...
July 30, 2012 Added by:Richard Stiennon
Hardening systems is one of the most important things you can do counter targeted attacks, yet most organizations have yet to operationalize the process. I understand how hard -and expensive- it is. And it is easy for an analyst to wave the flag of “Patch now!” So forgive me for giving hard advice...
July 25, 2012 Added by:Fergal Glynn
Dynamic Application Security Testing (DAST) tool vendors demonstrate their tools by allowing prospects to scan test sites so they can see how the scanner works and the reports generated. We should not gage the effectiveness of a scanner by only looking at the results from scanning these public test sites...
July 18, 2012 Added by:Rafal Los
From organizations that don't care about the security of their applications to to those that follow "best practices", to those that never stop spending money and trying to improve - they all have one thing in common: They've experienced a security incident of varying levels of calamity...
July 18, 2012 Added by:Electronic Frontier Foundation
By identifying and disclosing vulnerabilities, coders are able to improve security for every user who depends on information systems for their daily life and work. Yet recently, European Parliament debated legislation that threatens to create legal woes for researchers who expose security flaws...
July 17, 2012 Added by:Brandon Knight
One area where companies seem to become lost is when talking about performing penetration testing services against their deployment. While there are some details to work out, fundamentally this type of assessment translates well when talking about applications and infrastructure deployed in the cloud...
July 13, 2012 Added by:Infosec Island Admin
"Companies will be able to tailor these generic test criteria to their own systems. To make it an effective framework, we made sure that it contains consistent, repeatable tests they can run, producing documentation that contains adequate, accurate information regardless of the individual system..."
Mobile Security Processes Could Be Applied t... Johnnie Nix on 05-21-2013
ATM Security (And Really Learning from the P... Johnnie Nix on 05-21-2013
New Study Published on Mobile Malware... Caitlin Rachel on 05-21-2013