SEARCH RESULTS
 
Showing 1-10 of 43 records
 

The First Rule of Programming: It's Always Your Fault

2008-03-23 10:36:58 by Stuart King in Stuart King's Security and Risk Management Blog
 
...fault. And that leads me neatly to this great blog from Jeff Atwood entitled "The First Rule of Programming: It's Always Your Fault." Statistically, you understand, it is incredibly rare for any bugs or errors in your software not to be your fault. Programmers have a tendency to become very defensive about their work. Recently, when being...
 
 
 
 
 

Automating web application security testing

2007-07-16 11:40:00 by Panayiotis Mavrommatis in Google Online Security Blog
 
...fault-injection testing) is an automated testing approach based on supplying inputs that are designed to trigger and expose flaws in the application. Our vulnerability testing tool enumerates a web application's URLs and corresponding input parameters. It then iteratively supplies fault strings designed to expose XSS and other vulnerabilities...
 
 
 
 
 

Systematic Automations breach continued...

2008-02-25 10:28:07 by Evan Francen in The Breach Blog
...fault the district for the incident," Lake added, "I was hoping that we would get some more assistance to help all the employees in the district [Evan] The district DOES share some fault in this breach. The personal information was given to the district with the assumption that the district would protect the information. The responsibility for...
 
 
 
 
 

Former LendingTree employees sold access to customer information

2008-04-23 13:08:37 by Evan Francen in The Breach Blog
...fault LendingTree too much for the incident occurrence. Preventing internal privileged access abuse is a real challenge. There are some controls that can reduce risk, but we don't know which of these are in use at LendingTree. I think it was just a matter of time. Actually, I would be surprised if this was the first time with past occurrences...
 
 
 
 
 

Log Management: Insight From Ancient Times (The 80s, That Is :-))

2008-05-12 17:35:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...fault detection and problem isolation The requirement to collect 100% of all log messages of all log sources is even more important in operations than it is in security." ( why Rather than replacing these systems with yet another console, most companies are going to look for the ability to integrate a new information source, log data in...
 
 
 
 
 

Laptop is stolen from the car of a First Calgary Savings employee

2008-05-20 10:47:48 by Evan Francen in The Breach Blog
...fault of our employees," said Banman [Evan] It is the fault of poor information security management and governance. The person or persons responsible for information security management and governance appear(s) to have failed in his/her responsibilities We have contacted all affected member-owners, totalling a few hundred, by telephone and...
 
 
 
 
 

Is Your Amazon Machine Image Vulnerable to SSH Spoofing Attacks?

2008-07-14 16:26:40 by Craig Balding in Cloud Security
...fault of SSH - secure channels require proper key management and the need for unique host keys is well documented. Are there any mitigating factors? Yes, if you have used security groups to limit SSH access to your AMI from IP ranges you trust (rather than the entire Internet). You'll still want to regenerate the ssh host keys sooner than...
 
 
 
 
 