SEARCH RESULTS
 
Showing 1-10 of 63 records
 
The Naval Surface Warfare Center warns employees

2008-01-16 09:51:41 by Evan Francen in The Breach Blog
...Surface Warfare Center Dahlgren Division (NSWCDD). Dahlgren is a weapons-system research and test center for the Navy. About 2,800 civilian federal workers and another 3,000 civilian contractors work at the base on the Potomac River. Victims: current and former federal employees who worked at the Naval Bases in Dahlgren, Va., Silver Spring,...
 
 
 
 
 
Minimizing the Attack Surface, Part 1

2008-06-24 19:09:34 by Chris Eng in Zero in a bit
 
...surface. You learned how to disable services using /etc/inetd.conf. Then you learned about rc.d and how to prevent unnecessary services from being launched at startup. Next, maybe you configured the X server to disallow remote connections or moved on to removing setuid permissions from files. As you worked, you'd periodically re-scan the box to...
 
 
 
 
 
Minimizing the Attack Surface, Part 2

2008-07-07 21:10:25 by Chris Eng in Zero in a bit
 
...surfaces. Here's Part 1, in case you missed it. First, a quick clarification. I noticed that some of the readers who commented on that first post wanted to talk about improving security through the use of various development methodologies or coding frameworks. Those are interesting tangents (and ones that I may write about in the future), but...
 
 
 
 
 
"Walking" with the SDL - Part 3

2008-07-23 16:43:00 by sdl in The Security Development Lifecycle
 
...surface review data. I'll wrap up with a look into final security reviews and managing post-release documentation. Formalize Requirements for long-term use. Now that you are making security development a lifecycle, it is time to lock down and formalize your security requirements. At this point, you need to take what you've learned and begin...
 
 
 
 
 
More trustworthy election systems via SDL?

2008-02-04 23:34:00 by sdl in The Security Development Lifecycle
 
...surface of the software being developed. Attack surface is the enumeration of all possible entry points that an attacker could use to compromise software (code listening to network interfaces, code that accepts data from external sources, etc). The SDL requires development teams to both minimize attack surface in the software they are...
 
 
 
 
 
The role of control depth in assessment quality

2007-09-12 12:17:00 by Bryan in practical risk management
 
...surface audits are fine. But if you want to understand your true security exposure, you have to dig deeper. It's not enough to ask whether regular backups are taken and stored offsite. You have to ask how often. You have to ask where the tapes are stored before being transported offsite (hint: "under the receptionist's desk" isn't going to...
 
 
 
 
 
"Crawling" Toward SDL

2008-03-06 22:13:00 by sdl in The Security Development Lifecycle
 
...surface 2. Tools that will perform security analysis on your application 3. Results that show how the analysis resulted in improved security. The good news is that you can attain these components with tools that are already available. The one consistent minimum requirement is that your code compiles/builds within Visual Studio 2005 SP1. The...
 
 
 
 
 
Measuring Vulnerability

2008-04-14 14:31:38 by JonesJ in RiskAnalys.is
...surface. And by bringing it to the surface, it allows us to better understand and analyze risk scenarios. If there's interest, I can provide a couple of examples in a future post. Also, if there's interest, I can include an example where the threat event is due to error rather than malicious intent
 
 
 
 
 
Can you hear me now?

2008-06-27 10:56:10 by Gunnar Peterson in 1 Raindrop
 
...surface, the only thing lacking is the attacker's ability to find and exploit which I strongly suspect is just a matter of time. Wrt hacking and intrusions we have the remote, passive nature of web security to blame here in Web services world. Paraphrasing Jeff Williams, the problem is that an attacker can just try an attack if it doesn't...
 
 
 
 
 
"Walking" with the SDL - Part 1

2008-07-18 16:55:00 by sdl in The Security Development Lifecycle
 
...surface review data, the importance of final security reviews, and managing post-release documentation. All of these are components to walking with the SDL. Before I jump into detailing what you can do to walk with the SDL, let's look back at a snapshot of what you should already have in place from learning to crawl. At a high level, crawling...