SEARCH RESULTS
 
Showing 1-10 of 16 records
 

WAF Better Than Code Review? Not Really.

2008-04-16 02:00:33 by Chris Eng in Zero in a bit
 
...clarification coming in May (hey, a whole month to prepare!). As a refresher, 6.6 says that web applications must be reviewed by a third party for security vulnerabilities, or a web application firewall (WAF) must be installed. Anyway, in this article, PCI-DSS General Manager Bob Russo makes the following statement Personally, I'd love to see...
 
 
 
 
 

Fiber: Review of Optics, Cables & Connectors

2008-04-05 03:22:59 by JJ in Security Uncorked
...clarification about 80% of the time when we're working with customers on networking equipment or site surveys Here's a brief review of the various types of fiber, optics, connectors and when to use what. Let's start with the basic stuff, and move down the line Multi-mode vs Single-mode First of all, we have multi-mode and single-mode fiber....
 
 
 
 
 

PCI 6.6 clarified

2008-04-22 16:47:40 by Bill in Grumpy Security Guy
 
...clarification in PCI 6.6 Information Supplement Released. All I have to say is well done to the PCI council! From my first pass it seems like it is pretty clear AND they understand the issues organizations are facing. I have a few nits, here and there but it is 1000% better than it was before Related Posts No related posts Post from: Grumpy...
 
 
 
 
 

SC Magazine article on clarification of PCI requirements

2008-04-24 12:24:44 by HASH0x8911584 in StillSecure, After All These Years
 
...clarifications around section 6.6 and 11.3 of the PCI DSS. Jim Carr over at SC Magazine ran an article on it today that he interviewed me for. While I am not the PCI expert Martin is, I was happy to contribute my 2 cents (ain't I always Anyway, sounds to me like these new clarifications are going to wind up with a lot of web application...
 
 
 
 
 

SC Magazine article on clarification of PCI requirements

2008-04-24 13:24:15 by ashimmy in StillSecure, After All These Years
 
...clarifications around section 6.6 and 11.3 of the PCI DSS. Jim Carr over at SC Magazine ran an article on it today that he interviewed me for. While I am not the PCI expert Martin is, I was happy to contribute my 2 cents (ain't I always Anyway, sounds to me like these new clarifications are going to wind up with a lot of web application...
 
 
 
 
 

Stiennon says NAC is dead - I must be in heaven!

2008-05-02 22:48:36 by HASH0x8472590 in StillSecure, After All These Years
 
...clarification is necessary 1. Richard is mixing metaphors with Network Admission Control and Network Access Control. Both are NAC. Admission control was coined by Cisco, access control was first used by Gartner I believe. Richard seems to indicate that admission control is bad, access control or at least some definitions of it are OK. More...
 
 
 
 
 

EU bloggers under assault by the European Parliament - they need your help

2008-06-12 08:38:35 by HASH0x8b6ca50 in StillSecure, After All These Years
 
...clarification of the legal status of different categories of weblog authors and publishers as well as disclosure of interests and voluntary labelling of weblogs As the belsec author points out, disclosure of their identities would effectively silence their voices. There is no first amendment freedom of speech or freedom of press...
 
 
 
 
 

EU bloggers under assault by the European Parliament - they need your help

2008-06-12 09:38:11 by ashimmy in StillSecure, After All These Years
 
...clarification of the legal status of different categories of weblog authors and publishers as well as disclosure of interests and voluntary labelling of weblogs As the belsec author points out, disclosure of their identities would effectively silence their voices. There is no first amendment freedom of speech or freedom of press...
 
 
 
 
 

Minimizing the Attack Surface, Part 2

2008-07-07 21:10:25 by Chris Eng in Zero in a bit
 
...clarification. I noticed that some of the readers who commented on that first post wanted to talk about improving security through the use of various development methodologies or coding frameworks. Those are interesting tangents (and ones that I may write about in the future), but my intention with this post is to discuss a very specific...