SEARCH RESULTS
 
Showing 1-10 of 49 records
 

The New Threat Modeling Process

2007-10-02 01:15:35 by sdl in The Security Development Lifecycle
...Draw a diagram of your software. We encourage use of the DFD formalisms, which Larry Osterman describes in this post. Essentially, the elements are: External entities (anything outside your control), Processes (running code), Data stores (files, registry entries, shared memory, databases), Data flows (which connect all the other elements). b. Draw...

SDL and "End to End Trust"

2008-04-17 00:15:00 by sdl in The Security Development Lifecycle
 
...draw some analogies with some of my prior work. In the late 1990s, I was not yet working on computer security but on computer speech recognition and speech synthesis for Microsoft. Having an engineering background, I was (and still am) very interested in the opportunities and possibilities enabled by freeing people from computer keyboards and...

A coward exposes personal information on 40% of Chileans

2008-05-16 13:56:50 by Evan Francen in The Breach Blog
...draw attention to the poor data protection measures in the country. [Evan] This is the worst way to draw attention to poor data protection. What "Anonymous Coward" did was create 6,000,000+ enemies and put his/her very well being at risk. He/she caused an extraordinary amount of harm to almost 40% of Chile's population and made a complete ass...

Wakeup Call for Risk Management

2008-09-19 10:11:09 by Burton Group in Security and Risk Management Strategies Blog
 
...draw what lessons we can from the experience. Since the roots of the crisis lie in a monumental failure of risk management, it's important to understand more about what happened, and then draw some parallels to our business risk management and IT risk management situations. The risk management failure in the housing market and on Wall Street...

Mark Curphey On Builders and Breakers

2008-09-19 12:02:10 by Gunnar Peterson in 1 Raindrop
 
...draw blank stares. Ask application security consultants if they know about the latest HTTP or HTML spec and they'll likely say yes (and want to demonstrate the latest issues) but if you ask them about the latest WS-x spec you'll likely draw more blank stares. When was the last time you saw an attack drawn out as a UML sequence diagram? This is...

Automating web application security testing

2007-07-16 11:40:00 by Panayiotis Mavrommatis in Google Online Security Blog
 
...draw of a homegrown tool A. We did evaluate commercially available fuzzers but felt that our specialized needs could be served best by developing our own tools
 
 
 
 
 

Auditing open source software

2007-10-08 16:13:00 by Panayiotis Mavrommatis in Google Online Security Blog
 
...draw some interesting conclusions from these bugs. The specific vulnerabilities are integer overflows, out-of-bounds array accesses and buffer overflows. However, the general theme is using an integer from an untrusted source without adequately sanity checking it. Integer abuse issues are still very common in code, particular code which is...
 
 
 
 
 

Iowa DNR loses personal information on 7,000

2007-12-19 14:22:00 by Evan Francen in The Breach Blog
...draw attention away from the true problem(s). He said the state has not received any reports of fraud or identity theft and doubts that it will. The DNR is paying for a year's worth of credit-monitoring service for the workers. The workers have been told to contact the Iowa attorney general's office if they suspect fraud or identity theft...

Don't Try This At Home

2007-11-05 21:52:28 by sdl in The Security Development Lifecycle
 
...draw on years of experience about what goes wrong. Ideally, that expert works for you, and looks at the idea long before it's implemented, never mind shipping

Making Threat Modeling Work Better
