Items Tagged with "Application Security"
July 18, 2012 Added by:Danny Lieberman
The Cloud Security Control model looks great, but it doesn’t mitigate core vulnerabilities in your software. Once you choose the right service model and vendor, put aside the security reference models and focus on hardening your application software. It’s your code that will be running in someone else's cloud...
July 18, 2012 Added by:Headlines
“Q2 data showed a return to traditional infrastructure attacks and is likely a reflection of changing tools for launching DDoS attacks. With Layer 7 attacks, the risk of detection and eventual take down by law enforcement increases because these attacks disclose the IP address of the attacking botnet..."
July 17, 2012 Added by:Brandon Knight
One area where companies seem to become lost is when talking about performing penetration testing services against their deployment. While there are some details to work out, fundamentally this type of assessment translates well when talking about applications and infrastructure deployed in the cloud...
July 16, 2012 Added by:Shay Chen
There hasn't been any independent methodology for evaluating web application vulnerability scanners in a while. The following is a comprehensive guide for choosing the best scanner based on conclusions from the 2012 benchmark study - a comparison of 10 crucial aspects of 60 web application vulnerability scanners...
July 16, 2012 Added by:Rafal Los
If we as IT professionals and architects acknowledge that the perimeter is now around the data, what solutions do we have for protecting it? How can we protect data which is mobile, usable, and in a constant state of danger? The answer seems to be some form of protection that involves our old friend, encryption...
July 16, 2012 Added by:Scott Thomas
Our job isn't to run the business or set direction, our job is to tell the ones at the helm that building a boat out of tin foil is a bad idea. We need to change the sign on the door from "Department of No" to "How does this affect our risk-posture?" and realize even then sometimes you need to say "No"...
July 13, 2012 Added by:Michelle Drolet
The downside to the BYOD movement is the difficulty of maintaining security. How do IT departments provide easy access to documents and files for a host of different devices and still ensure that sensitive material remains safe and workplace systems are not exposed to serious threats? How can they safeguard networks?
July 12, 2012 Added by:Fergal Glynn
The impact of Insecure Cryptographic Storage flaws when exploited is usually quite high due to the fact that the information that is usually encrypted are important things like personally identifiable information, trade secrets, healthcare records, personal information and credit card numbers...
July 12, 2012 Added by:Wendy Nather
I agree that some apps can't be remediated in a short time span, others can't ever be fixed, and so on - for those exigencies a WAF is better than nothing. However, I would caution anyone against deciding that the wave of the future is to rely on the WAF or other network-based security device for application security...
July 11, 2012
The purpose of this publication is to help organizations centrally manage and secure mobile devices against a variety of threats. This publication provides recommendations for selecting, implementing, and using centralized management technologies, and it explains the security concerns inherent in mobile device use...
July 10, 2012 Added by:David Navetta
The FCC revived an inquiry first launched in 2007 to investigate telecom carriers’ practices regarding the privacy and security of information stored on mobile communications devices, prompted by the recent controversy in which software installed on mobile phones was shown to be collecting data from customers...
July 10, 2012 Added by:Rafal Los
While you certainly can use velocity and frequency to detect attacks against a web application, high frequency doesn't always mean an attack or that a vulnerability is present. But, it is a fallacy to assume that a component needs to have a high frequency or velocity to signal targeting by an attacker....
July 09, 2012 Added by:Edward Jones
Wherever you are on the internet, there’s often a virus lurking around the digital corner. A hacker will always find a new way of getting your data - and turning it into money. And as we found-out last year, hacking has progressed from threatening our data security to potentially threatening our lives...
July 09, 2012 Added by:Headlines
Researchers have discovered a new malware strain targeting Android devices that is designed to make unauthorized purchases from infected units. The malware has been detected as being spread by at least nine different application markets and may have infected as many as one-hundred thousand users...
July 05, 2012 Added by:Jack Daniel
You cannot “stop attacks”, you can only alter the consequences of the attacks. You can stop attacks from succeeding sometimes, and minimize the impact on your organization, but the attacks will come no matter what. Further, the idea that “attacks” only fall into two categories, zero-day and patchable, is more nonsense...
July 05, 2012 Added by:Headlines
The old adage that “criminals go where the money is” means that bank robbers go online, Executive Director of ENISA, Professor Udo Helmbrecht states. It should come as no surprise that large organized crime groups are targeting online banking sites. Still, the attacks drew much attention for three reasons...