SEARCH RESULTS
 
Showing 1-7 of 7 records

What If All Vulnerabilities Had This Disclosure Timeline?

2008-02-07 02:08:33 by Chris Wysopal in Zero in a bit
 
...SDLC. A vendor can't bluff their way out of a comprehensive code assessment like they can from just a single (or a few) vulnerabilities publicly reported. If their code is full of vulnerabilities their customers will know. UPDATE 2/09/08: It seems the RealPlayer vulnerability being used in mass website attacks as reported by SANS ISC is not the...

Thoughts on OWASP Day San Jose/San Francisco

2007-09-11 08:39:00 by Security Retentive in Security Retentive
 
...SDLC. For an example, see this post If nothing else was achieved last Thursday we had great turnout for the local OWASP event, better than I've seen so far. We also got to try out part of the space that will be used for the fall conference. I think it went well, but I guess we'll have to get the other folks present to weigh-in with their...

The Case For Information Security

2008-03-21 14:08:00 by Random InfoSec Guy in Security Coin
...SDLC of a company and quarterly validation by different independent 3rd parties would be nice :) )and stricter enforcement - with real hefty fines - Wall St. may just continue to look the other way ..and we all know that Wall St is what matters

Web Security - Scanners, Firewalls and the SDLC

2008-03-15 15:00:00 by Stuart King in Stuart King's Security and Risk Management Blog
 
There is no magic bullet for website security. If you've got a strategically important web product then you have to take a strategic approach to its security. You'll find a lot of online resources that discuss how to do this. The OWASP site remains the most comprehensive and best. As soon as a website is in production being used by customers,...

My Favorite RSA Sessions

2008-04-12 21:58:00 by Security Retentive in Security Retentive
 
...SDLC: From Principle to Practice This session was a fantastic overview of the SDL practices that EMC has been implementing for the last 2 years. A pretty good overview of what it takes to rollout the SDL against a bunch of products DEV-301 Effective Integration of Fuzzing into Development Life Cycle A really good overview of what fuzzing...

Catalyzing security in service orientation

2008-06-30 16:31:36 by Burton Group in Security and Risk Management Strategies Blog
 
...SDLC, and most of all, work with ourselves to make sure we're able to apply consistent principles of information assurance no matter what the next best thing in SOA technology is. There is time to get things right, and the best time to start is now

SecurityRatty FAQ
Sergey Zarubin, 31yo
CISSP, CCSP
Moscow, Russia