Blog Posts Tagged with "Methodologies"


AppSec Mistakes Companies Make and How to Fix Them

April 24, 2012 Added by: Fergal Glynn

We’re pleased to present responses from an array of security experts including Bill Brenner, Andrew Hay, Jack Daniel and Chris Wysopal. Common themes arose, including the idea of taking AppSec more seriously and committing to a programmatic approach vs. ad hoc manual testing...

Comments  (0)


Hacking-Kung Fu: Aims and Objectives

April 15, 2012 Added by: Quintius Walker

Understanding Kung Fu-Hacking enables you to realize that there is more to it than merely learning form or exploits. Understanding will lead you, if you are still not able to defend yourself in real world situations or compromise systems outside lab environments, to ask why...

Comments  (0)


The Information Security OODA Loop Part 5: Act

April 06, 2012 Added by: Rafal Los

Practicing the OODA Loop for incident response is critical to making sure you avoid panic-induced decisions which could be catastrophic. If you're already formulating excuses as to why you won't be able to practice - just forget this altogether...

Comments  (0)


Positioning the Security Team Through Influence Part 1

April 06, 2012 Added by: Steven Fox, CISSP, QSA

The essential approach to enhancing the role of security professionals is to enhance their organizational influence. This article kicks off a series exploring basic influence styles, the associated pitfalls, and guidance for their proper application...

Comments  (0)


The Information Security OODA Loop Part 4: Decide

April 04, 2012 Added by: Rafal Los

There are any number of possible decisions to be made in an infosec OODA Loop cycle. Sometimes the most basic decision to be made is whether to act or to hold your position. Too often infosec tends to look at a potential event and assume that the response must be action...

Comments  (0)


The Information Security OODA Loop Part Three - Orient

April 03, 2012 Added by: Rafal Los

In infosec, if you've worked at companies who are doing security poorly and getting ravaged by hackers your first inclination may be desperation when your digital assets are under attack. It's hard to completely wipe the slate clean from previous experiences...

Comments  (0)


Taking the Crowbar to Cyber-Denying Eyes

April 03, 2012 Added by: Don Eijndhoven

Making your own arbitrary definition of Cyber Warfare and discounting MOUNTAINS of evidence that undermine your point isn't very scholarly to say the least. Can we please stop giving a stage to these people who are obviously cherry-picking their way to an uninformed argument?

Comments  (9)


Mind Control Security Awareness

April 03, 2012 Added by: Pete Herzog

ISECOM's SmarterSaferBetter seminar teaches you to actively keep on re-filtering. Doing it right by being alerted to prompts is the best way to keep your guard up, because actively filtering your world is truly exhausting. And being tired is when we make security mistakes...

Comments  (4)


The Information Security OODA Loop Part Two - Observe

April 01, 2012 Added by: Rafal Los

Infosec is in a constant chess match with the opposition. In order to have some way of fighting this asymmetric digital warfare, we need to have an organized, formalized way of identifying current threats and reacting in near-real-time in order to reach a state of detente...

Comments  (0)


The Information Security OODA Loop: An Introduction

March 29, 2012 Added by: Rafal Los

The OODA loop was invented by a military strategist, and the idea is that in order to win any given incursion you must go through your OODA loop faster than your opponent. Failing to do so can mean the difference between an incident and a catastrophic breach...

Comments  (0)


Just One of the Reasons Why I Love Anonymous

March 28, 2012 Added by: Quintius Walker

In the world of cyber-security things transform at the speed of light. From exploits to methods, what worked yesterday is not the solution tomorrow. Ethical problem solving students should do themselves a favor and study the ways of the infamous idea known to us as Anonymous...

Comments  (0)


Vulnerability Remediation: No More Traffic Signals

March 22, 2012 Added by: Ed Bellis

When you dig into the issue of prioritization it can be complex. Adding to the complexity, factors are often different from organization to organization. I am all for breaking things down to their simplest parts by obfuscating the complex factors, not by eliminating them...

Comments  (2)


Some Thoughts on Sandboxes

March 22, 2012 Added by: Rafal Los

Developers should be writing good code, period. But when the pace of development outpaces the ability to do complete software security analysis we see security organizations turning to sandboxing as a method of limiting the damage an exploited piece of code can do...

Comments  (0)


Three Key Take-Aways from Black Hat Europe 2012

March 18, 2012 Added by: Rafal Los

Every year we see tons of new development frameworks from IP telephony to something else the business wants - mobility, cloud, consumerization - that information security professionals only start to address and understand just as they're starting to go out of style...

Comments  (0)


Assumptions: A Common but Dangerous Programming Practice

March 13, 2012 Added by: Fergal Glynn

Whatever the intended use of your input may be, even if you employ best practices to prevent data tampering, verifying individual pieces of data both at the reading and writing stage is a good defense in depth measure that can be taken with minimal effort...

Comments  (0)


CISSP Reloaded - Domain Two: Access Controls

March 07, 2012 Added by: Javvad Malik

Understand who’s trying to get access and choose the control that will really protect you. Or rather, I should say, the control should protect you long enough for you to do something about it. Otherwise you might find yourself as the person holding a knife in a gunfight...

Comments  (0)
