SEARCH RESULTS
 
Showing 1-10 of 123 records
 

"Crawling" Toward SDL

2008-03-06 22:13:00 by sdl in The Security Development Lifecycle
 
...perform security analysis on your application 3. Results that show how the analysis resulted in improved security The good news is that you can attain these components with tools that are already available. The one consistent minimum requirement is that your code compiles/builds within Visual Studio 2005 SP1. The SP1 piece of this is...
 
 
 
 
 

Clouding and Confusing the CEP Community

2008-04-20 11:16:38 by Greg Reemler in The Complex Event Processing Blog
 
...perform a VWAP if they chose, and estimate a good time to enter and exit the market. This is good. However, the same software, at this point in time, cannot process many market data feeds in NASDAQ and provide a reasonable estimate of why the market moved a certain direction based on a statistical analysis of a large set of event data where the...
 
 
 
 
 

CISA and CISSP Preparation

2008-07-31 13:14:07 by Erik T. Heidt in Art of Information Security
...Perform an initial benchmark and assessment of your readiness Read a survey level preparation guide cover to cover Perform a secondary benchmark, and compare your readiness Review official, or deep dive, preparation materials on areas identified as your weaknesses Re-benchmark, and repeat targeted reviews until ready For the first...
 
 
 
 
 

Fuzz Testing at Microsoft and the Triage Process

2007-09-20 18:52:00 by sdl in The Security Development Lifecycle
 
...perform. In this post, I'd like to shed some light on how we monitor for program failures when fuzzing parsers and how the recent animated cursor bug, MS07-017 caused us to revisit and ultimately improve our fuzzing tools Background For our purposes, fuzz testing is a method for finding program failures (code errors) by supplying malformed...
 
 
 
 
 

Virtualization and security - are we missing the wood for the trees?

2008-03-31 12:05:40 by Paul Stamp in Security & Risk Management
 
...perform AV and intrusion inspection from inside the virtual machine, or have the host perform all the functions. All pretty tedious if you ask me. I reckon we've some much bigger problems in a virtual world. Isn't it more of a problem that in a virtual world it's harder to keep track of what business activities happen where? Isn't the patch and...
 
 
 
 
 

Sexing up the logs

2008-04-03 04:00:00 by Stuart King in Stuart King's Security and Risk Management Blog
 
...perform security functions like intrusion detection system (IDS) and authentication, authorization, and accounting protocol (AAA) servers (for example, RADIUS). Section A.10 of ISO27001 states: Audit logs recording user activities, exceptions, and information security events shall be produced and kept for an agreed period to assist in future...
 
 
 
 
 

Stolen SunGard laptop affects at least 10 post-secondary schools

2008-04-21 14:49:39 by Evan Francen in The Breach Blog
...performance by improving constituent services, increasing accountability, and enhancing the education experience SunGard Higher Education has a vision to unify people, process, and technology in an environment that addresses the needs of higher education institutions and the people they serve. We call this vision the Unified Digital Campus...
 
 
 
 
 

Giving SQL Injection the Respect it Deserves

2008-05-15 18:45:00 by sdl in The Security Development Lifecycle
 
...performs the database work So now that you've determined the database access code, now what? The SDL is very specific about what to do here, there are three requirements - they are requirements not recommendations, which means you must do the following coding requirements and defenses Use SQL Parameterized Queries Use Stored Procedures Use SQL...
 
 
 
 
 

On the Maturity of CEP

2008-06-01 04:39:37 by Tim Bass in The Complex Event Processing Blog
 
...performing low latency calculations across streaming market data. The calculations they perform are still relatively straightforward and they focus on how to promote white-box algo trading with commercial-off-the-shelf (COTS) software. In this domain, we might be better off not using the term CEP at all, as this appears to be simply a type of...
 
 
 
 
 

An Open Letter to NIST About SP 800-30

2008-06-09 23:57:20 by rybolov in The Guerilla CISO
...Perform risk avoidance because compliance models are yes/no frameworks Document Profit At Your Own Risk Photo by Mykl Roventine The reason that I am writing this is to let you know that I have noticed a disturbing trend in how now that we have a catalog of controls, the risk management framework is focusing more and more heavily on the...