Blog Posts Tagged with "Testing"


ENISA: Cybersecurity Exercises Enhance Cooperation

June 14, 2012 Added by:Headlines

The European Network and Information Security Agency (ENISA) organized two small-scale cyber security exercises on 30th May and 6th June. The exercises were held to familiarize participants with cross-border cooperation procedures and mechanisms for dealing with large-scale cyber crises in Europe...

Comments  (0)


Ensuring Data Integrity via Checks, Tests, and Best Practices

June 04, 2012 Added by:Fergal Glynn

As a process, data integrity verifies that data has remained unaltered in transit. As a state or condition, it is a measure of the validity and fidelity of a data object. As a function related to security, means information is exactly as it was inputted and is auditable to affirm its reliability...

Comments  (0)


Why AppSec Won't Always Bail You Out

May 24, 2012 Added by:DHANANJAY ROKDE

The approach of NetSec pros is different from the AppSec folks, as they concentrate on the attack-surface rather than get into the application itself. This is in no way comparison of the level of difficulty of either of the disciplines, NetSec pros just take it to the next level...

Comments  (0)


The Benefits of the Cloud for Performance Testing

May 24, 2012 Added by:Bill Gerneglia

By allowing test teams to instantly deploy existing performance test scripts to cloud-based load generators, the load is created on pre-configured systems provisioned in the cloud. This eliminates the effort and cost related to extending the on-premise test infrastructure...

Comments  (0)


NoOps and the Role of Infosec in Software Development

May 23, 2012 Added by:Rafal Los

The NoOps approach to software provides an opportunity to tightly integrate security, but we've got to get it right. If you can implement security during these cycles, spend time analyzing how workstreams will flow and what tools will be used to standardize and automate...

Comments  (1)


The Color of Intent

May 17, 2012 Added by:Jayson Wylie

If I said "hacker", everyone knows what goes along with that, and the audience may be impressed or annoyed depending on their fanfare or if they have been victimized. People still think hacker when they hear "pentester" and do not believe the in the existence of pure "white hats"...

Comments  (1)


Hacking-Kung Fu: Aims and Objectives Part 2

May 06, 2012 Added by:Quintius Walker

A major aim of Kung-Fu Hacking training is System Security - or more so being able to secure your own systems. This ability to defend ourselves is a general asset, and has long-term benefits as more and more vulnerabilities become exploitable to the general public...

Comments  (3)


What’s Going Right with Your Secure Development Efforts?

May 04, 2012 Added by:Fergal Glynn

Security professionals place developer’s code under a microscope and highlight each and every flaw, so you can appreciate why there may be some tension. Testing of code only offers assessments of what they did wrong. Can we apply a different lens while having this conversation?

Comments  (0)


Three Areas to Test when Assessing Mobile Applications

May 02, 2012 Added by:Tom Eston

Mobile Application testing is something that will evolve as mobile apps get more complex and the business drives more towards mobile solutions. If you’re deploying mobile apps for your business it’s more important than ever to have testing done on three areas at a minimum....

Comments  (1)


Mobile Applications Shouldn’t Roll Their Own Security

May 01, 2012 Added by:Brent Huston

Many of the applications being designed are being done so by scrappy, product oriented developers. This is not a bad thing for innovation - in fact just the opposite - but it can be a bad thing for safety, privacy and security...

Comments  (0)


When Statistics Fail: Planning for Things You Can't Expect

April 27, 2012 Added by:Rafal Los

In incident preparedness, if you don't already, maybe it's time for a chapter on worst case scenarios. Lots of organizations have these, but as I pointed out, many aren't even thinking about testing their own incident response plans much less looking at the absolute worst-case...

Comments  (0)


Exposing Unproven Enterprise Security

April 25, 2012 Added by:Rafal Los

Before you call me an alarmist, unless you've tested your defenses you can't actually be sure with any amount of certainty whether they work. I don't mean this in a "can we ever be really sure?" philosophical sense here - I mean this in a concrete "does this even work?" sense...

Comments  (0)


AppSec Mistakes Companies Make and How to Fix Them

April 24, 2012 Added by:Fergal Glynn

We’re pleased to present responses from an array of security experts including Bill Brenner, Andrew Hay, Jack Daniel and Chris Wysopal. Common themes arose, including the idea of taking AppSec more seriously and committing to a programmatic approach vs. ad hoc manual testing...

Comments  (0)


Reflections on Ten years of Software Security

April 21, 2012 Added by:Rafal Los

Given a finite amount of time to write a piece of software with specified features and functionality the security of that code will always take a back seat. At least for the time being.Let's face it, code breaks in strange ways that it's not always easy to understand...

Comments  (0)


Protecting Your Enterprise by Breaking It

April 20, 2012 Added by:Rafal Los

In a nutshell, if you (in information security) haven't broken things in your organization's networks, you're likely terribly unprepared for when things to wrong and thus are doing it wrong. Now, before you come all unhinged, read the rest of this post...

Comments  (0)


Open Source Code in the Enterprise - Keys to Avoiding Vulnerabilities

April 18, 2012 Added by:Rafal Los

There is no debate in the open vs. closed source software question. Either can be made well, or poorly. Either open source or closed source can be relatively secure, or riddled with easy-to-exploit holes. We don't need to rehash this, but there appears to be some new data...

Comments  (0)

Page « < 1 - 2 - 3 > »