SEARCH RESULTS
 
Showing 1-10 of 102 records
 
Expand article

Identity Framework Probable Feature List

The Article has images
2007-12-16 06:42:00 by Keith Brown in Security Briefs
...helps you implement a custom STS STS can issue managed cards (see below Fx provides a base class for your STS, (it's currently called SecurityTokenService You derive from this base class and supply a "ScopeProvider" implementation which answers (at least) two questions What type of claims your STS can issue (you have to generate a list of...
 
Tags: informationcard login control, login control, information card serializer, information, control, user authentication methods, user, custom sts, card
 
 
 
 
Expand article

Getting into the Flow With Threat Modeling

The Article has images
2007-10-11 23:25:00 by sdl in The Security Development Lifecycle
...helps take them from worrying about what your goals mean to worrying about how to achieve them. Without clear goals, its very challenging to get into the spirit of anything, whether playing a game or shipping an operating system. As goals go, think like an attacker and brainstorm arent up there with A PC on every desktop. The lack of a clear...
 
Tags: threat, people develop skills, people, challenge people, flow, sdl threat, entire threat model, threat model, guide people
 
 
 
 
Expand article

Supporting your family, friends, and neighbors

2008-02-13 17:45:40 by Steve Riley in Steve Riley on Security
 
...helps to eliminate malware. Its updated each month through the automatic update client and runs the next time a computer boots. It scans for and removes common malware like certain prevalent worms and rootkits. Since the tools introduction, millions of computers have been cleaned of billions of pieces of malware If you need to quickly scan a...
 
Tags: suspicious e-mail message, mail, home computers defense, home computers, e-mail, home, web mail, windows live mail, site
 
 
 
 
Expand article

Ten top quality tips to keep ypu safe from ID theft

2008-05-08 14:08:49 by Doug Woodall in The Spyware Biz Blog
 
...helps you prevent your own identity theft as well as safeguard your company from unfortunate data leakage incidents. Parents teach us to look both ways before crossing the street but most of us didnt grow up hearing, make sure your password contains a number or install the latest service pack, says Todd Feinman, CEO of Identity Finder, LLC a...
 
Tags: theft, identity finder, identity, prevent, software helps prevent, identity theft, computer helps, computer, data leakage incidents
 
 
 
 
Expand article

Giving SQL Injection the Respect it Deserves

2008-05-15 18:45:00 by sdl in The Security Development Lifecycle
 
...helps to mitigate the risk of successful exploitation of user input which is not correctly verified This defense has been known about forever; heck, David and I discussed this in detail in the first edition of Writing Secure Code in 2002 From page 320, "Another way to perform this kind of processing is to use placeholders which are often...
 
Tags: sql, sql injection bug, sql injection requirements, sql injection attack, sql server, sql execute-only permission, malicious sql payload, sql injection, sql injection vulnerability
 
 
 
 
Expand article

More Log Management Questions - Answered!

2008-05-23 16:04:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...helps you to configure logging across all the systems as well as helps to know what information you have in your environment (should an auditor ask, for example). A log policy also defines log retention, log review practices, etc. NIST 800-92 Guide to Security Log Management [PDF] is a good source of info on this subject Enjoy Technorati...
 
Tags: log management, log, defines log retention, log policy, log management tool, log management program, infrastructure logs, logs, log messages
 
 
 
 
Expand article

Ask the Auditor: Who is Responsible for Information Security?

2007-12-29 06:24:50 by Editor in Security Links
 
...Helps the board and management understand whether the information security function has the resources, systems, and processes it needs to be efficient and effective Independently validate that the organizations information security program efforts are proactive and effective against current and emerging threats. To provide this level of...
 
Tags: information, information security, information policy, information security risks, information assurance, information security governance, information security managers, information security management, assign information security
 
 
 
 
Expand article

A conspicuous contribution !

The Article has images
2007-12-04 17:40:46 by Richard Clayton in Light Blue Touchpaper
...helps everyone to work things out sensibly Of course I havent worked on these documents in isolation the whole point is that theyre a distillation of Best Practice from across the whole industry, and so theres been dozens of people from dozens of companies attending meetings, contributing text, reading drafts, and then eventually voting for...
 
Tags: formal linx meetings, linx meetings, linx, linx council, meetings, conspicuous contribution, contribution, fiercely competitive industry, internet
 
 
 
 
Expand article

Execute in PowerShell

2007-12-02 11:27:00 by Keith Brown in Security Briefs
 
As part of a disaster recovery script, early on I wanted to ensure that all of the vdirs on a server were using ASP.NET 2.0. That meant that I wanted to run aspnet regiis.exe -r but I didn't want to make any assumptions about what drive or directory Windows was installed in. What I wanted was something like this...
 
Tags: powershell, 50727aspnet regiis, env, powershell assumes, env namespace, exe, netframeworkv2, windirmicrosoft, call operator
 
 
 
 
Expand article

Autorun: good for you?

2007-09-23 05:29:48 by Steve Riley in Steve Riley o