SecurityRatty: tag: process

The New Threat Modeling Process

2007-10-02 01:15:35 by sdl in The Security Development Lifecycle

...process. To summarize, what Ive tried to achieve in changing the process is to simplify, prescribe, and offer self-checks. Ill talk in the next post about why those three elements are so important to me. For now, let me describe the process One of the largest changes that weve made is to a simplified process (and diagram). I like to say that...

Tags: process, threat, process validation entails, threat model, software process diagram, people, people trust boundaries, love threat, hamster wheel

Limiting Process Privileges Should Be Easier

2007-11-09 10:00:00 by Security Retentive in Security Retentive

...process sandbox for a process Prohibit new files, new sockets, etc., by setting the current and maximum RLIMIT NOFILE limits to 0 Prohibit filesystem access: chdir and chroot to an empty directory Choose a uid dedicated to this process ID. This can be as simple as adding the process ID to a base uid, as long as other system-administration...

Tags: process, uid, effective process sandbox, kill, prohibit kill, uid range, prohibit, privileges, target uid

Is CEP a Service or a Process? Reloaded

2008-05-30 14:29:32 by Tim Bass in The Complex Event Processing Blog

...Process? Paul Vincent of TIBCO blogs that anyclassification of CEP depends on the application, concluding that CEP is both a process and a service Well (sorry Paul!), I disagree. CEP is neither a process nor a service;CEP is a concept architecture for processing complex events. (I have advocated a CEP functional reference architecture , as...

Tags: cep, service, process, cep depends, cep solution, style, anarchitectural style, generic architectural pattern, complex events

More on CEP: Process, Service or Reference Architecture?

2008-06-02 08:43:56 by Tim Bass in The Complex Event Processing Blog

...Process? I posted Is CEP a Service or a Process? Reloaded . This post is a follow-up to my dialog with Paul and the CEP community, as a whole Some of the more remarkable critical comments on the book The Power of Events was that the book did not (for the most part)discuss architecture As we all know, there are many definitions of...

Tags: reference architecture, afunctional reference architecture, architecture, functional reference architecture, cep, real cep classes, cep classes, functional, discuss architecture

Fuzz Testing at Microsoft and the Triage Process

2007-09-20 18:52:00 by sdl in The Security Development Lifecycle

...processes and associated threads. When an exception occurred, the first version of this tool simply logged the file that caused the exception along with associated details such as the timestamp, exception code, exception address, stack trace and dump file. More recent versions have included the ability to monitor for CPU and memory spikes as...

Tags: chance exceptions, exceptions, exception handler, exception, divide-by-zero exception, exception code, triage process, process, first-chance exceptions

Event-Driven Business Process Management and the Example of the Deutsche Post AG

2008-03-08 05:08:08 by Rainer von Ammon in The Complex Event Processing Blog

...Process Management taking the Example of Deutsche Post AG: An evaluation of the Approach of Oracle and the SOPERA Open Source SOA Framework The topic of thisthesis was the prototypical integration of the Oracle products Oracle BPEL (Business Process Management Oracle BAM (Business Activity Monitoring), and Oracle CEP (Complex Event...

Tags: business process management, business process, oracle bpel, oracle, oracle cep, oracle bam, oracle headquarters, sopera system environment, deutsche post

Microsoft SDL Process in detail

2008-04-09 19:13:00 by sdl in The Security Development Lifecycle

...process as practiced at Microsoft. Additional assurance work may be performed by product teams (but not necessarily documented) at their discretion. As a result, this example should not be considered as the exact process that Microsoft follows to secure all products This documentation should not be interpreted to be a commitment on the part...

Tags: sdl, microsoft sdl, sdl process, microsoft, sdl guidance, guidance, secure, secure software development, development

Business process testing and simulation for optimized BPM

2008-07-16 13:19:50 by Brein E. Nally in WhatIs: Enterprise IT tips and expert advice

Rami Jaamour discusses the difference between business process simulation and business process testing and how both testing requirements are complementary for BPM

Tags: business process, business process simulation, rami jaamour discusses, bpm, requirements, difference, complementary

Process Doubling

2008-01-27 22:44:57 by RSnake in ha.ckers.org web application security lab

...process. Its also fairly easy with some programming to create a switch in the code, to look for a different string and jump into a different mode. It could be a clever way around a fairly complex set of circumstances. Anyway, yet another odd thought

Tags: web server, fairly complex set, set, fairly straight forward, egress, fairly easy, fairly common occurrence, easy, firewall egress

Your name:
Your email:
Describe a problem:
AntiSPAM Validation:

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo