Blog Posts Tagged with "SSA"

Social Security Administration’s Second Attempt at 2FA Fails Federal Government’s Own Standards, Not Secure

June 06, 2017 Added by: Alexandre Cagnoni

The Social Security Administration (SSA) recently instituted its latest precautions to identify threats and protect citizens’ information by making two-factor authentication mandatory for all users.

Comments  (0)

Effective Software Security Starts and Ends with Requirements

October 28, 2011 Added by: Rafal Los

Threat modeling software is a delicate art, and often misunderstood enough to cause poor execution. It seems elementary that the best time to impact security in a positive way is during requirements gathering, yet many security professionals continue to ignore that opportunity...

Comments  (0)

Software Security Assurance - Getting the Formula Right

August 27, 2011 Added by: Rafal Los

Security professionals need to ensure that we're doing what's right for the developers who will be building more secure software, rather than us security professionals who are adept at bolting on security bits. That's the big revelation here, but of course, only if you believe me...

Comments  (0)

Business Relevant Infosec - The Top and Bottom Lines

July 24, 2011 Added by: Rafal Los

Security isn't somehow disconnected from the business... it's part of the business. When we fail to see that, to acknowledge that, then we lose - and by we I mean the entire community, the organization and you too...

Comments  (0)

Wizard-Driven Software Security Testing

July 06, 2011 Added by: Rafal Los

The technology available today for testing your applications is quite complex, but many folks simply want to push the "magic security button" and get fast, accurate results. That's simply impossible, but the requirements continue to demonstrate this want. So what do we do?

Comments  (0)

Thoughts on Software Security Assurance from a Like Mind

June 10, 2011 Added by: Rafal Los

Being able to tie exploitable issues in a running application to source code is the Holy Grail of security testing... but it's unlikely you'll get good adoption and success if you're trying to hand a bunch of developers black-box security testing technology...

Comments  (0)

The Most Important Security Question Ever Asked

June 01, 2011 Added by: Rafal Los

I've been learning a lot lately from one of my senior colleagues who's been doing this software security assurance thing much longer than I have, and the more time I spend with him the more I understand that it all comes down to one very simple question: Why?

Comments  (5)

Prescriptive Software Security Assurance for SMBs

May 25, 2011 Added by: Rafal Los

Can you handle the work it would take to ratchet up security on your applications? If you've got more than a dozen applications with more than 5 in the pipeline, you can figure on a single non-dedicated resource being able to handle one application security test per week, tops...

Comments  (0)

Securing Applications at High Velocity

May 11, 2011 Added by: Rafal Los

While the blistering speed of application development and deployment may enable the business to be more agile and responsive to the changing business climate than ever, it creates unparalleled challenges for anyone with security as part of their job description...

Comments  (0)

Data Breach Overload is Killing SSA

April 19, 2011 Added by: Rafal Los

Money and technology alone won't bring us secure software or applications. Many times the idea of spending a large chunk of money on tools alone sounds appealing because someone selling you something says that you should - but I'd like to urge caution...

Comments  (0)

Software Security Assurance in a "One Man Show"

April 15, 2011 Added by: Rafal Los

Down-scaling an enterprise security challenge into a smaller fit is more of a challenge than you'd think, because it's just too easy to say 'outsource it all'... but how does that actually help an organization write more secure software? The answer is that it doesn't...

Comments  (0)

Paying for Risk: The Hidden Dangers of Software Acquisition

April 02, 2011 Added by: Rafal Los

Many organizations forego a Software Security Assurance (SSA) program simply because they don't develop their own software and so are missing the risks of the software or applications they are purchasing - don't get caught with this type of risk...

Comments  (0)

Software Security: Just What is the Meaning of Mature?

March 22, 2011 Added by: Rafal Los

When an organization's SSA Program is mature, they've minimized their spending (thus maximizing their efficiency), they're impacting their business in a minimal way, and have decreased latent IT-based risk to their business applications to an acceptable level...

Comments  (0)

Four Components of a Successful SSA Program

February 15, 2011 Added by: Rafal Los

Process can be outlined in documentation and stored on a network share or published in a booklet on everyone's desktop. Process can be a workflow-driven project management system that requires a security-infused approach from requirements gathering all the way through post-release...

Comments  (0)

Avoiding the Top 3 Application Security Mistakes

January 26, 2011 Added by: Rafal Los

You cannot reasonably expect to take application security analysis results and hurl them over the proverbial wall into the developer's world and expect something magical to happen. It won't. 9 out of 10 times the mass of bits you just sent over will be ignored, or worse, misunderstood...

Comments  (0)

Why Application Security Programs Fail

January 23, 2011 Added by: Rafal Los

Having clearly-defined and attainable goals of your Software Security Assurance program is more important than almost anything else. While there are many subtleties to building goals in any organization, without them being clearly defined and reachable you cannot expect anything else but failure...

Comments  (0)
