Blog Posts Tagged with "Testing"

0a8cae998f9c51e3b3c0ccbaddf521aa

The secret of incorporating security into functional testing

November 04, 2012 Added by:Rafal Los

Conversation today was around tools and use-cases for the tools in the stream of creating more secure software. My experience in this industry over the last several years has taught me that you have to fashion the tools to the use-case. Even if you give me a fantastic hammer I still won't be a great carpenter...

Comments  (0)

A1f4c2dd4be7f118911ec4e0df35aab1

Believe It or Not, DevOps and Infosec Are a Perfect Culture Match

October 14, 2012 Added by:Gene Kim

By integrating automated security testing into the deployment pipeline, just as the functional and integration tests are, information security testing becomes part of the daily operations of Development. As a result, security defects are found and fixed more quickly than ever...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Seven Tips to Improve Patch Management

September 12, 2012 Added by:Dan Dieterle

The amount of time many companies spend on patching, the problems they have deploying patches, the perception that patching causes problems, and a general lack of understanding about what it takes to patch, all combine to make patching such a major issue...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

The SDLC Knowledge Gap in Motion: DevOps to the Rescue?

September 12, 2012 Added by:Rafal Los

I can't tell you the fun things we found in this pre-production environment when we started digging around during security testing. No, really, I can't tell you, but rest assured it didn't end with misconfigurations, or accidental code bits being included...

Comments  (0)

Bd07d58f0d31d48d3764821d109bf165

Error Logs and Apollo 11: One Giant Step For Risk Management

September 09, 2012 Added by:Tripwire Inc

Although Neil Armstrong is the hero of the Apollo 11 story, the planning, management, complexity and technology for the mission is often overlooked. Iit were not for testing and assessing risks associated with the systems the lunar landing would not have been a success...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Securing Your Application Perimeter: What to Test for Vulnerabilities

September 05, 2012 Added by:Fergal Glynn

When dynamic scanning engines were first designed they were primarily tools for penetration testers to use on a few select web applications deemed critical enough to warrant serious testing. But times have changed, every Internet facing application is now a potential attack surface...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Which Application Testing is Right for Your Organization?

August 23, 2012 Added by:Brent Huston

Billions of dollars and millions of identities are at stake every day. In the past, security professionals thought firewalls, Secure Sockets Layer, patching, and privacy policies were enough to protect websites from hackers. Today, we know better. Whatever your industry — you should have consistent testing...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Buggy out the Door: Externally Discovered Defects (EDD)

August 15, 2012 Added by:Rafal Los

What if 25% of your bugs actually ARE discovered by your customers? There is a collision of a few things here that makes this matter a lot less simple than we'd like, and a lot less convenient if you think you have a solution to the problem, but in the end it is a problem...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Unsafe at Any Speed: Enterprises Misunderstand Software Quality

August 13, 2012 Added by:Rafal Los

I had a hard time believing that "going faster" could be more secure. It was difficult to wrap my brain around how deploying code in more rapid succession could mean that the code deployed could actually be safer... but I believe that to be true now. The one caveat here is "if it's done right"...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Smart Grid Security: Getting Better, But Needs Improvement

August 09, 2012 Added by:Brent Huston

There is still room for improvement in the smart grid space: Encryption versus encoding, modern development security, JTAG protection, input validation and the usual application security shortcomings that the web and other platforms are struggling with. Default passwords, crypto keys and configurations still abound...

Comments  (0)

924ce315203c17e05d9e04b59648a942

Vulnerability Intelligence versus Vulnerability Management

July 30, 2012 Added by:Richard Stiennon

Hardening systems is one of the most important things you can do counter targeted attacks, yet most organizations have yet to operationalize the process. I understand how hard -and expensive- it is. And it is easy for an analyst to wave the flag of “Patch now!” So forgive me for giving hard advice...

Comments  (1)

68b48711426f3b082ab24e5746a66b36

Broken Logic: Avoiding the Test Site Fallacy

July 25, 2012 Added by:Fergal Glynn

Dynamic Application Security Testing (DAST) tool vendors demonstrate their tools by allowing prospects to scan test sites so they can see how the scanner works and the reports generated. We should not gage the effectiveness of a scanner by only looking at the results from scanning these public test sites...

Comments  (1)

0a8cae998f9c51e3b3c0ccbaddf521aa

Software Security Assurance: Figuring Out the Developers

July 18, 2012 Added by:Rafal Los

From organizations that don't care about the security of their applications to to those that follow "best practices", to those that never stop spending money and trying to improve - they all have one thing in common: They've experienced a security incident of varying levels of calamity...

Comments  (0)

7ddc1f3000a13e4dfec28074e9e7b658

Coders Rights at Risk in the European Parliament

July 18, 2012 Added by:Electronic Frontier Foundation

By identifying and disclosing vulnerabilities, coders are able to improve security for every user who depends on information systems for their daily life and work. Yet recently, European Parliament debated legislation that threatens to create legal woes for researchers who expose security flaws...

Comments  (0)

4eb356e09746aadc2f4800877e8c24e8

Penetration Testing the Cloud: Three Important Points

July 17, 2012 Added by:Brandon Knight

One area where companies seem to become lost is when talking about performing penetration testing services against their deployment. While there are some details to work out, fundamentally this type of assessment translates well when talking about applications and infrastructure deployed in the cloud...

Comments  (1)

7fef78c47060974e0b8392e305f0daf0

NIST: Test Framework for Upgrading Smart Electrical Meters

July 13, 2012 Added by:Infosec Island Admin

"Companies will be able to tailor these generic test criteria to their own systems. To make it an effective framework, we made sure that it contains consistent, repeatable tests they can run, producing documentation that contains adequate, accurate information regardless of the individual system..."

Comments  (0)

Page « < 1 - 2 - 3 > »
Most Liked