SEARCH RESULTS

Showing 1-10 of 11 records

Fuzz Testing at Microsoft and the Triage Process

2007-09-20 18:52:00 by sdl in The Security Development Lifecycle
...tester to determine if a bug needs to be filed. When fuzzing over a period of time, however, we might generate hundreds of exceptions, and it becomes a very labor-intensive process to sift through all of them. What we needed was a way to ease the burden placed on the tester. To that extent, the mini-debugger was extended to enable the automatic...
Third Annual Movie-Plot Threat Contest Winner

2008-05-15 06:24:06 by schneier in Schneier on Security
...Tester Toothpaste Strips: Many Americans were shocked to hear the results of the research trials regarding heavy metals and toothpaste conducted by the New England Journal of Medicine, which FDA is only now attempting to confirm. This latest scare comes after hundreds of deaths were linked to toothpaste contaminated with diethylene glycol, a...
Sexy Development Lifecycle

2008-01-30 01:37:00 by sdl in The Security Development Lifecycle
...testers and describe a new method of hacking Ajax apps, what have I really accomplished? I suppose that a few of those people might use my ideas to find vulnerabilities in the field, which is good. But security shouldn't start with the pentester; after all, you can't test security into a product. Security should start with the developer, and...
The Other Side of Life

2008-03-21 16:06:00 by sdl in The Security Development Lifecycle
...tester, I'm just a developer, but it should work." At which point the room erupted into hysterical laughter. "It should work" means "I think so, but we have to test it." And that means the whole battery of tests for each of the affected components, across all of the supported platforms. And that has to be scheduled in test labs. To be clear, this...
Not a CISSP

2008-04-18 14:36:41 by Chris Eng in Zero in a bit
...tester, reverse engineer, or vulnerability researcher is more marketable than the guy who knows a little bit about dozens of different disciplines but can't apply that knowledge in a practical situation. The CISSP subject matter illustrates this perfectly: you have cryptographic algorithms, site location principles, network security, and civil...
Dilbert Does Canonicalization

2008-05-05 12:03:32 by Chris Eng in Zero in a bit
...tester in me wants to get to the bottom of this, but unlike some of the web app security people out there, I tend to be more conservative about hacking stuff without a signed contract. Also, I don't think I can stand to read any more un-funny punch lines. But my gut tells me there is something fairly interesting going on behind the scenes...
Six hours to hack the FBI (and other pen-testing adventures)

2008-05-27 00:00:00 by Sandra Gittlen in Network World on Security
It takes a lot to shock Chris Goggans; he's been a pen (penetration) tester since 1991, getting paid to break into a wide variety of networks. But he says nothing was as egregious as security lapses in both infrastructure design and patch management at a civilian government agency -- holes that let him hack his way through to a major FBI crime...
Links for 2008-06-17 [del.icio.us]

2008-06-18 00:00:00 by Editor in Anton Chuvakin Blog
...tester. | Amazon.com and Nirvanix | Learning from Server Logs | Log Talk Blog Archive: Ten reasons you will be unhappy with your SIM solution and how to avoid them | Ten reasons you will be unhappy with your SIM solution | Schneier on Security: How to Sell Security | PCI Blog - Compliance Demystified Blog Archive: PCI Compliance and Virtualization | PC World...
Collaboration in the Cloud, Virtual Worlds and the Hacker Mindset

2008-07-17 15:51:24 by Craig Balding in Cloud Security
...tester and security researcher, and in this 10 minute video, Michael shares the result of his security research on Second Life. He covers: in-game cheating; identity theft; attacking 3rd party servers using Linden Scripting Language (think about the liability issues and the provider's ability to track abusers). For those interested in more detail,...
Walking with the SDL Part 2

2008-07-21 16:56:00 by sdl in The Security Development Lifecycle
...tester needs to know how to set security rules in test tools, how to perform penetration testing, and what the security quality criteria are for your product, or how to file a security bug. The PM needs to understand how to define measurable goals or how security policies can be factored into feature design. The business decision maker of your...