SEARCH RESULTS
 
Showing 1-10 of 82 records
 

The New Threat Modeling Process

2007-10-02 01:15:35 by sdl in The Security Development Lifecycle
...describe the process One of the largest changes that we've made is to a simplified process (and diagram). I like to say that this looks pretty much like every other software process diagram you see today. That's intentional. There's only so much we can expect people to take away from a class, and making this simple and familiar helps ensure...
 
 
 
 
 

Links for 2008-02-25 [del.icio.us]

2008-02-26 00:00:00 by Editor in Anton Chuvakin Blog -
 
...Describe the audit logging input and output options 3.2 Describe log analysis tools 3.3 Describe security event notification options 3.4 Where and how is logging integrated into XSG? 3.4.1 How are the logs secu Musings on Information Security :: Application Due Care Often I hear phrases such as "if the application is truly built secure...
 
 
 
 
 

The Other Side of Life

2008-03-21 16:06:00 by sdl in The Security Development Lifecycle
 
...describe three real experiences that illustrate things that shouldn't be controversial either, but aren't usually covered under the rubric of security. They are crucial nonetheless Security is not the point, it's the needs of the customer. It's easy to believe that security is the point of producing a product. It's not. We won't produce an...
 
 
 
 
 

Measuring Vulnerability

2008-04-14 14:31:38 by JonesJ in RiskAnalys.is
...describe this measurement, we account for the fact that under some circumstances wind speeds of less than 150 MPH might compromise the structure, while in some circumstances the structure may be able to withstand speeds greater than 200 MPH If we wanted to measure the structure's vulnerability to a specific type of storm (e.g., a tornado) we...
 
 
 
 
 

Warming the cold boot a bit of braggin from BitArmor

2008-02-28 13:17:00 by Manu Namboodiri in Data Protection, Management and Leakage
 
...described by Princeton researchers. In short, they describe how one can steal the contents of RAM and extract the encryption passwords kept in clear text. The research concludes that almost all disk encryption products have the same fundamental flaw that enables anyone, without custom-built and expensive resources, to gain access to the...
 
 
 
 
 

Directly connect to your corpnet with IPsec and IPv6

2008-06-25 20:55:59 by Steve Riley in Steve Riley on Security
 
...described an idea of using IPv6, IPsec, NAP, and group policy to build a pretty slick replacement for clunky VPN gateways. Turns out we've been piloting this very idea on our internal corpnet. Like a good little bunny I got myself enrolled in the thing and -- pardon the unattractive gushing -- this thing rawks! Here's a brief rundown of the...
 
 
 
 
 

The Grammar of Complex and Intelligent Events

2008-06-29 04:56:06 by Tim Bass in The Complex Event Processing Blog
 
...describe processing capabilities that are missing from the current suite of self-described CEP software products. What people really mean to describe is the Intelligent Processing of Complex Events. However, based on the same grammar used in defining CEP, they have created the Processing of Intelligent Events The use of inconsistent grammar and...
 
 
 
 
 

Open Wireless Networks on University Campuses

2008-07-31 13:30:21 by Editor in IEEE Security and Privacy
 
...describe the challenges of removing individual user authentication requirements at the perimeter of a university network in which mobile device users access system resources over wireless links to the wired infrastructure. The authors discuss how to mitigate the security and privacy risks entailed in an open network of this sort, and also...
 
 
 
 
 

Automating web application security testing

2007-07-16 11:40:00 by Panayiotis Mavrommatis in Google Online Security Blog
 
...describe a class of security vulnerabilities in web applications. An attacker can inject malicious scripts to perform unauthorized actions in the context of the victim's web session. Any web application that serves documents that include data from untrusted sources could be vulnerable to XSS if the untrusted data is not appropriately...
 
 
 
 
 

Intellectual Property- what is it and how do we secure it?

2007-12-29 06:43:45 by Editor in Security Links