SEARCH RESULTS
 
Showing 1-10 of 236 records
 
A VMware VirtualCenter Design Flaw?

2008-06-19 20:30:16 by Adnan Hindi in ScienceLogic
...design flaw? Was the point of the Add Permissions feature for datastores and networks to prevent users from getting to those datastores/networks? Or was it to maybe give the appearance of ACL functionality? Or something like a poor man's quota management? And if you're going to let administrators add permissions in a view, why not let them...
 
 
 
 
 
Design flaws, besides vulnerabilities, hurt banking sites

2008-07-23 00:00:00 in Network World on Security
 
Banking Web sites suffer from design flaws that undermine their security, exclusive of software vulnerabilities, according to a University of Michigan study to be released Friday
 
 
 
 
 
Security researcher reveals iPhone design flaws

2008-10-02 00:00:00 in Network World on Security
 
Apple's iPhone has two design flaws that could pose potential security problems, according to a researcher
 
 
 
 
 
Mashup of the Titans

2008-06-25 17:29:25 by Gunnar Peterson in 1 Raindrop
 
...design as simple and small as possible. This well-known principle applies to any aspect of a system, but it deserves emphasis for protection mechanisms for this reason: design and implementation errors that result in unwanted access paths will not be noticed during normal use (since normal use usually does not include attempts to exercise...
 
 
 
 
 
Software Security Metrics and Commentary on "Metrics Framework" Paper

2007-09-17 20:41:00 by Security Retentive in Security Retentive
 
...Design Deployment Runtime The paper uses the OWASP top-10 as the basis for measure and comes up with metrics that will tell us how we're doing against it The goal of metrics should be, where possible, to create objective measures of something. Whereas some of the metrics described in the paper are quite objective, others are more than a...
 
 
 
 
 
Wrapping up Threat Modeling

2008-02-14 22:51:35 by sdl in The Security Development Lifecycle
 
...design specification (a development spec that defines the architecture that is required to implement the functional specification), and your test plan (a test spec that defines how you plan on ensuring that the design as implemented meets the requirements of the functional specification Just like the functional, design and test specs, a...
 
 
 
 
 
More on Application Security Metrics

2008-05-08 20:05:00 by Security Retentive in Security Retentive
 
...Design Defects Implementation Defects I hadn't gotten good answers up to this point because measuring those internally during the development process is a constantly moving target. If your testing methodology is always changing, then it's hard to say whether you're seeing more or fewer defects of a given type than before, especially as a...
 
 
 
 
 
Hacking Mifare Transport Cards

2008-08-07 06:07:02 by schneier in Schneier on Security
 
...design. NXP attempted to deal with this embarrassment by keeping the design secret The group that broke Mifare Classic is from Radboud University Nijmegen in the Netherlands. They demonstrated the attack by riding the Underground for free, and by breaking into a building. Their two papers (one is already online ) will be published at two...
 
 
 
 
 
How Secure is Secure?

2008-05-08 16:46:00 by sdl in The Security Development Lifecycle
 
...Design In the 1990s, the US and other nations combined their efforts to create an international security standard for software known as the Common Criteria (ISO 15408). Common Criteria also has a rating system that scores products with evaluation assurance levels (EALs EAL 1: Functionally Tested EAL 2: Structurally Tested EAL 3:...
 
 
 
 
 
No, I Don't Know the Answer to the Big DNS Secret