SEARCH RESULTS
 
Showing 1-10 of 485 records
 

The New Threat Modeling Process

2007-10-02 01:15:35 by sdl in The Security Development Lifecycle
Adam Shostack here, with the second post in my series on the evolved threat modeling process. To summarize, what I've tried to achieve in changing the process is to simplify, prescribe, and offer self-checks. I'll talk in the next post about why those three elements are so important to me. For now, let me describe the process. One of the largest...
 
 
 
 
 

Limiting Process Privileges Should Be Easier

2007-11-09 10:00:00 by Security Retentive in Security Retentive
 
I was reading DJB's retrospective on 10 years of qmail security and while I'll comment on a few of his thoughts in a separate post, one thing that struck me was his discussion of how to create a relatively effective process sandbox for a process: Prohibit new files, new sockets, etc., by setting the current and maximum RLIMIT_NOFILE limits to...
 
 
 
 
 

Is CEP a Service or a Process? Reloaded

2008-05-30 14:29:32 by Tim Bass in The Complex Event Processing Blog
 
In "Is CEP a Service or a Process?" Paul Vincent of TIBCO blogs that any classification of CEP depends on the application, concluding that CEP is both a process and a service. Well (sorry Paul!), I disagree. CEP is neither a process nor a service; CEP is a concept architecture for processing complex events. (I have advocated a CEP functional...
 
 
 
 
 

Fuzz Testing at Microsoft and the Triage Process

2007-09-20 18:52:00 by sdl in The Security Development Lifecycle
 
Scott Lambert here. I work on the Security Engineering Tools team where we're responsible for researching, developing and publishing tools to internal product and service teams. These include fuzzing, binary analysis and attack surface analysis tools. Previously, James Whittaker posted a blog entry on Testing in the SDL in which he mentioned that...
 
 
 
 
 

Event-Driven Business Process Management and the Example of the Deutsche Post AG

2008-03-08 05:08:08 by Rainer von Ammon in The Complex Event Processing Blog
 
Christoph Emmersberger and Florian Springer have finished their thesis, which was written onsite at Oracle Headquarters in Redwood Shores, CA, USA: "Event-Driven Business Process Management taking the Example of Deutsche Post AG: An evaluation of the Approach of Oracle and the SOPERA Open Source SOA Framework". The topic of this thesis was the...
 
 
 
 
 

Microsoft SDL Process in detail

2008-04-09 19:13:00 by sdl in The Security Development Lifecycle
 
Hello all, Dave here. I am currently at RSA and decided to take a few moments to blog about some updates to the Security Development Lifecycle. Admittedly, I have been radio silent on the blog for awhile; for those that know me, that's usually a warning signal that I am cooking something up. Anyway, back when we first started this blog we promised...
 
 
 
 
 

Business process testing and simulation for optimized BPM

2008-07-16 13:19:50 by Brein E. Nally in WhatIs: Enterprise IT tips and expert advice
 
Rami Jaamour discusses the difference between business process simulation and business process testing and how both testing requirements are complementary for BPM.
 
 
 
 
 

Process Doubling

2008-01-27 22:44:57 by RSnake in ha.ckers.org web application security lab
 
I was working on a client a week ago or so and we completely compromised their network. It's a fairly common occurrence during an audit (given there are logistical reasons that make many common techniques off limits). It was mission accomplished for showing the vulnerabilities in the client. However, I started thinking about the firewall egress...
 
 
 
 
 

Keeping your change management process honest

2008-03-17 15:20:34 by Russell Olsen in WhatIs: Enterprise IT tips and expert advice
 
Learn how to set up an audit support center for your change management process.