Blog Posts Tagged with "Application Security"

Penetration Testing the Cloud: Three Important Points

July 17, 2012 Added by: Brandon Knight

One area where companies seem to become lost is when talking about performing penetration testing services against their deployment. While there are some details to work out, fundamentally this type of assessment translates well when talking about applications and infrastructure deployed in the cloud...

A Step-by-Step Guide for Choosing the Best Scanner

July 16, 2012 Added by: Shay Chen

There hasn't been any independent methodology for evaluating web application vulnerability scanners in a while. The following is a comprehensive guide for choosing the best scanner based on conclusions from the 2012 benchmark study - a comparison of 10 crucial aspects of 60 web application vulnerability scanners...

Data: The Final Frontier of the Collapsing Perimeter

July 16, 2012 Added by: Rafal Los

If we as IT professionals and architects acknowledge that the perimeter is now around the data, what solutions do we have for protecting it? How can we protect data which is mobile, usable, and in a constant state of danger? The answer seems to be some form of protection that involves our old friend, encryption...

Infosec: Is it Really OK to Say No?

July 16, 2012 Added by: Scott Thomas

Our job isn't to run the business or set direction, our job is to tell the ones at the helm that building a boat out of tin foil is a bad idea. We need to change the sign on the door from "Department of No" to "How does this affect our risk-posture?" and realize even then sometimes you need to say "No"...

Beware of BYOD Wreaking Havoc

July 13, 2012 Added by: Michelle Drolet

The downside to the BYOD movement is the difficulty of maintaining security. How do IT departments provide easy access to documents and files for a host of different devices and still ensure that sensitive material remains safe and workplace systems are not exposed to serious threats? How can they safeguard networks?

Insecure Cryptographic Storage Explained

July 12, 2012 Added by: Fergal Glynn

The impact of Insecure Cryptographic Storage flaws when exploited is usually quite high due to the fact that the information that is usually encrypted consists of important things like personally identifiable information, trade secrets, healthcare records, personal information and credit card numbers...

Web Application Firewalls: There is No Spoon

July 12, 2012 Added by: Wendy Nather

I agree that some apps can't be remediated in a short time span, others can't ever be fixed, and so on - for those exigencies a WAF is better than nothing. However, I would caution anyone against deciding that the wave of the future is to rely on the WAF or other network-based security device for application security...

FCC Seeks Public Comment on Mobile Data Collection Policies

July 10, 2012 Added by: David Navetta

The FCC revived an inquiry first launched in 2007 to investigate telecom carriers’ practices regarding the privacy and security of information stored on mobile communications devices, prompted by the recent controversy in which software installed on mobile phones was shown to be collecting data from customers...

Detecting Unknown Application Vulnerabilities "In Flight"

July 10, 2012 Added by: Rafal Los

While you certainly can use velocity and frequency to detect attacks against a web application, high frequency doesn't always mean an attack or that a vulnerability is present. But, it is a fallacy to assume that a component needs to have a high frequency or velocity to signal targeting by an attacker...

How Hacking Can Kill

July 09, 2012 Added by: Edward Jones

Wherever you are on the internet, there’s often a virus lurking around the digital corner. A hacker will always find a new way of getting your data - and turning it into money. And as we found out last year, hacking has progressed from threatening our data security to potentially threatening our lives...

MMarketPay.A Android Malware Found in the Wild

July 09, 2012 Added by: Headlines

Researchers have discovered a new malware strain targeting Android devices that is designed to make unauthorized purchases from infected units. The malware has been detected as being spread by at least nine different application markets and may have infected as many as one-hundred thousand users...

Nonsense Abounds, and More is Coming...

July 05, 2012 Added by: Jack Daniel

You cannot “stop attacks”, you can only alter the consequences of the attacks. You can stop attacks from succeeding sometimes, and minimize the impact on your organization, but the attacks will come no matter what. Further, the idea that “attacks” only fall into two categories, zero-day and patchable, is more nonsense...

ENISA: High Roller Online Bank Robberies Reveal Security Gaps

July 05, 2012 Added by: Headlines

The old adage that “criminals go where the money is” means that bank robbers go online, Executive Director of ENISA, Professor Udo Helmbrecht states. It should come as no surprise that large organized crime groups are targeting online banking sites. Still, the attacks drew much attention for three reasons...

The Resilient Enterprise: Resolving Issues Faster

July 03, 2012 Added by: Rafal Los

How can we both restore service quickly and solve long-term systemic problems when we can't always tell that two issues are even related? Optimize the analysis between changes, connected systems and components to figure out dependencies in cases such as linked and distributed failures...

Small Tech Firms Pursue Level 1 Service Provider PCI Compliance

July 01, 2012 Added by: Stacey Holleran

Small technology companies are finding themselves in a unique business situation as prospective clients increasingly request software applications and hosting solutions that can accommodate secure mobile payment transactions, bringing these technology companies to the forefront as “merchant service providers”...

Researchers Unveil Advanced Malware Detection Method

June 29, 2012 Added by: Headlines

Unlike traditional malware detection tools, RiskRanker does not rely on malware samples and signatures already identified. It is able to identify applications that exhibit signs of malicious code while they are still in the marketplace, before the malware is downloaded onto potential victims' mobile devices...
