SEARCH RESULTS
 
Showing 1-8 of 8 records

It Was Sposed to Be So Eaaasy

2008-09-10 07:12:42 by Gunnar Peterson in 1 Raindrop
 
...primitives, but it is still up to you to figure out all of the items on the Web services security checklist should work together in a cohesive system. Needless to say, there are many ways to shoot yourself in the foot So during our talk, someone from Oracle stands up and says, "hey, you guys are making this stuff sound hard. Its not hard we...

Security Evolution

2008-05-19 17:42:16 by Gunnar Peterson in 1 Raindrop
...primitives, especially in the identity space - SAML, Cardspace, and friends will one day let us live in a world where users are not typing username and password into a web browser to do online banking So maybe the innovation tide is turning, but there is a lot of ground to catch up, infosec about a decade behind the developers and probably...

Adapting to Shelf Life

2008-09-04 10:22:34 by Gunnar Peterson in 1 Raindrop
...primitives we have that actually work need to be engineered better to form fit to the rapidly changing software side. Its not good enough to say " we have it all figured out ", we have to apply the stuff that works to real software architectures. Why is the a dab of firewalls and SSL still our answer after all these years Two case studies of...

Oh No! Security Metrics!

2008-04-18 12:43:00 by sdl in The Security Development Lifecycle
 
...primitives and key lengths (Net effect: fewer security bugs up front Compiler and linker requirements (Net effect: extra defenses, in case you miss a bug Fuzz testing (Net effect: implementation bugs found before shipping So, to answer Mr. Lindstrom's question Could it really be that SDL has done nothing to help MS developers write better...

More on Fallacy #4

2008-05-16 13:04:06 by Gunnar Peterson in 1 Raindrop
 
...primitives are there on the response side), the request side remains problematic More on the Fallacies by Arnon Rotem-Gal-Oz , who incidentally if you are interested in building a secure service has an interesting Service Firewall pattern , which I refer to as a TIDE firewall - dealing with Tampering, Information Disclosure, Denial of...

Keyczar: Safe and Simple Cryptography

2008-08-11 11:06:00 by Panayiotis Mavrommatis in Google Online Security Blog
...primitives in an unsafe manner, hard-coding keys in source code, or failing to anticipate the need for future key rotation. With these risks in mind, we're pleased to announce the open-source release of Keyczar Keyczar is a cryptographic toolkit that supports encryption and authentication for both symmetric and public-key algorithms. It...

The Skein Hash Function

2008-10-29 04:35:29 by schneier in Schneier on Security
 
...primitives suitable for most modern applications Skein is efficient on a variety of platforms, both hardware and software. Skein-512 can be implemented in about 200 bytes of state. Small devices, such as 8-bit smart cards, can implement Skein-256 using about 100 bytes of memory. Larger devices can implement the larger versions of Skein to...
 
Sergey Zarubin, 31yo
CISSP, CCSP
Moscow, Russia