Items Tagged with "Application Security"



Software Security is a Business Problem

June 14, 2012 Added by: Rafal Los

Information Security hasn't figured out how to actually approach the problem of insecure code. Security is still largely seen as the "not my problem" problem. It's not that developers have singled out security as something they want to ignore - it's that they've got too many other things to worry about...


Thirteen Tips to Secure Your Virtual Machine Environment

June 14, 2012 Added by: Brent Huston

Virtual environments are becoming more popular, enabling multiple OS environments and providing disaster recovery solutions. Safeguarding your virtual environment is vital, though it doesn’t have the same issues as a physical environment. Here are a few tips to keep things running smoothly...


LulzSec Reborn vs Twitter and OAuth Security Issues

June 13, 2012 Added by: Plagiarist Paganini

The third-party authentication process implements the open standard for authorization, or OAuth, that allows users to share private resources stored on one site with another. The hack raises a serious question regarding the security level ensured by third-party authentication processes...


The Path to NoOps is Through the Cloud

June 12, 2012 Added by: Rafal Los

So what is the single most valuable piece of technology that can push a development closer towards a NoOps methodology? I believe it's the adoption of cloud computing. While many of the security folks who read this blog are probably shaking their heads right about now, read on and let me convince you...


What's in a Name: Does DevOps Need a Security Flavor?

June 12, 2012 Added by: Rafal Los

Lots of folks are trying to remove bottlenecks between development and deployment within an organization to get IT to a more agile state. Every once in a while someone talks about security - I've been trying to figure out whether and how we should be discussing the DevOps and security relationship...


Solving Problems from the Security Viewpoint

June 07, 2012 Added by: Rafal Los

From experience, there are 3 clearly identified causes for poor adoption of well-intentioned security-built technology into everyday development and systems building... Let's take a look at them and see what can be done to raise the level of adoption from each case...


Apple's Crystal Prison and the Future of Open Platforms

June 06, 2012 Added by: Electronic Frontier Foundation

Apps that require administrative privileges are impossible to install on an iOS device without jailbreaking it. This includes apps that let you firewall your device and secure your internet traffic with OpenVPN. Jailbreaking also helps security and privacy researchers to see if apps are leaking data...


Five Things a Healthcare CIO Can Do to Improve Security

May 31, 2012 Added by: Danny Lieberman

In a complex healthcare organization, large scale security awareness training is a hopeless waste of resources considering the increasing number of options that people have (Facebook, smartphones..) to cause damage to the business. Security awareness will lose every time it comes up against an iPad or Facebook...


SUDOERS Commented Code Includes Use for Evil

May 31, 2012 Added by: Rob Fuller

When I started looking into appending or inserting lines into /etc/sudoers for CCDC, I happened upon an interesting function of that file. Near the end of the file there are two lines that look commented out, but in actuality are interpreted and acted upon, an evil way to stay hidden on a 'nix box...


On the Recent Blizzard and Diablo 3 Account Compromises

May 29, 2012 Added by: Beau Woods

Gamers have gotten more savvy about giving away information which would allow someone else to access their account. But the attackers have adapted as well and use other ways of getting that information than by sending fake emails. Here are some of the more creative and sophisticated ways the thieves operate...


The (Hidden) Cost of Security Fixes in Enterprise Software

May 29, 2012 Added by: Rafal Los

Who should pay for fixes necessary to patch security defects in software? The question is deeper than whether fixes should be made available free of charge for software components that are found to contain issues. There are more costs than simply acquiring the fix here, which is where the conversation changes...


Is Frictionless Sharing Like Digital Privacy Cancer?

May 25, 2012 Added by: Rebecca Herold

In a nutshell, “frictionless sharing” basically is a passive service that allows apps to automatically share your activity to a very wide number of entities and locations as you visit different websites, view videos and photos, listen to music, read ads and articles, and so on...


Why AppSec Won't Always Bail You Out

May 24, 2012 Added by: DHANANJAY ROKDE

The approach of NetSec pros is different from the AppSec folks, as they concentrate on the attack surface rather than get into the application itself. This is in no way a comparison of the level of difficulty of either of the disciplines; NetSec pros just take it to the next level...


Root Cause Analysis (RCA): A Critical Skill

May 24, 2012 Added by: Rafal Los

Recently at TakeDownCon I brought up a term during my offense keynote that I thought the audience would, and should, be familiar with. Unfortunately, when I asked who was familiar with Root Cause Analysis only a few hands out of the whole room went up. This was a bit distressing...


The Benefits of the Cloud for Performance Testing

May 24, 2012 Added by: Bill Gerneglia

By allowing test teams to instantly deploy existing performance test scripts to cloud-based load generators, the load is created on pre-configured systems provisioned in the cloud. This eliminates the effort and cost related to extending the on-premise test infrastructure...


New Study Published on Mobile Malware

May 23, 2012 Added by: Beau Woods

Two malware families show that authors have incorporated many sophisticated features to help circumvent detection and frustrate researchers attempting to study the samples, among other things. And their analysis showed that mobile malware is rapidly maturing...
