owasp

Happy New Year everyone! Welcome to the first edition of Interesting Information Security Bits for 2010. We have a great crop of things to check out today.

Here are today's Interesting Information Security Bits from around the web.

  1. If you couldn't make it to #26C3, many of the talks are now available on video. Check it out here.
    Download the #26C3 videos and bonus material | Security4all - Dedicated to digital security, enterprise 2.0 and presentation skills
    Tags: ( conferences 26c3 videos )
  2. Uh-oh. Not good.
    NIST-certified USB Flash drives with hardware encryption cracked - The H Security: News and Features
    Tags: ( usb encryption )
  3. Interesting look at small and mid-sized companies being targeted by cyber gangs. By the way, this is Brian Krebs's new site. He is no longer with the Washington Post. Make sure to add it to your RSS reader.
    Buried Warning Signs -- Krebs on Security
    Tags: ( online-banking theft )
  4. Very cool. A new e-mag has been started. Into the Boxes is an e-mag about digital forensics and incident response. Good stuff.
    Into The Boxes: Issue 0x0 << Into The Boxes
    Tags: ( incident-response forensics )
  5. Jack is ready to get the Shmoobus back on the road. If you are in the northeast and looking for a ride, check it out.
    Uncommon Sense Security: Shmoobus II
    Tags: ( conferences shmoo )
  6. Mike Rothman has joined Securosis. Good things will come of this.
    Securosis Blog | Introducing Securosis Plus: Now with 100% More Incite!
    Tags: ( general )
  7. Nifty. Version 2 of the Web Application Security Consortium's Threat Classification is now available.
    The Web Application Security Consortium / Threat Classification
    Tags: ( wasc threat-classification )
  8. A neat map of the WASC Threat Classification document to the OWASP Top Ten RC1.
    Jeremiah Grossman: WASC Threat Classification to OWASP Top Ten RC1 Mapping
    Tags: ( owasp wasc threat-classification )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. A very good article on an issue we need to think about as people who are heavily social-media focused work in our organizations.
    Lifestyle Hackers - CSO Online - Security and Risk
    Tags: ( social-media )
  2. You know you've been wanting to try it.
    Electric Alchemy: Cracking Passwords in the Cloud: Breaking PGP on EC2 with EDPR
    Tags: ( passwords cloud cracking )
  3. Wonder what the latest changes to MA 201 CMR 17.00 are? Jack does us all a wonderful service by showing us the differences.
    Uncommon Sense Security: diff MA 201 CMR 17.00
    Tags: ( ma-201-cmr-17 )
  4. Part two of SynJunkie's latest story is up.
    Syn: Bobs Double Penetration Adventure - Part 2
    Tags: ( story wifi pentest )
  5. The latest version of Microsoft's Security Intelligence Report is available.
    Download details: Microsoft Security Intelligence Report volume 7 (January - June 2009)
    Tags: ( intelligence report microsoft )
  6. This post points out that we really need to be able to communicate with non-technical audiences. It then points to a new SANS short course that helps us learn how to do that more effectively. Looks very interesting.
    Keys to Professional Communication | Courses, Training | Enclave Forensics
    Tags: ( presenting speaking writing )
  7. This page contains links to a wealth of information on psychology and information security. Fascinating stuff that will keep you busy for quite some time.
    Hat tip: Adam @ The New School of Information Security Blog
    Psychology and Security Resource Page
    Tags: ( psychology )
  8. Here is the third and final part of SpyLogic's Enterprise Open Source Intelligence Gathering series. It focuses on monitoring and social media policies.
    Enterprise Open Source Intelligence Gathering - Part 3 Monitoring and Social Media Policies -- spylogic.net
    Tags: ( gathering intelligence )
  9. This is a nicely detailed post on using OWASP ESAPI for output validation. You are validating your output, right? It is actually the second in a series. The first part, on input validation, is linked at the beginning and is also worthy of a gander.
    Output Validation using the OWASP ESAPI << Security Ninja
    Tags: ( output-validation owasp esapi )
  10. Anton posits that FUD is good sometimes. Interesting perspective. The New School Security blog has an interesting response too: http://newschoolsecurity.com/2009/10/just-say-no-to-fud/
    A Treatise on FUD - fudsec.com
    Tags: ( iis fud )

That's it for today. Have fun!


Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. A security code review guide, security developer guide and a security testing guide. That sure looks like a trifecta to me. Man, my reading pile is getting HUGE!
    Writing Secure Software: OWASP Releases World's First Security Code Review Guide for Free
    Tags: ( owasp guides )
  2. Slightly off topic, but I really want this setup.
    From My Couch... Thy Social Media Monitoring Shall Be Done | The Home of Peter Shankman - Shankman.com
    Tags: ( ot )
  3. Here's a quick tip from the folks at Tenable on finding open SMB file shares.
    Tenable Network Security: nessuscmd Tip: Finding Open SMB File Shares
    Tags: ( nessus tips fileshares )
  4. Lori brings up some really good points.
    The Web 2.0 API: From collaborating to compromised
    Tags: ( api )

That's it for today. Have fun!


Kevin


Somebody Got Some Splaining To Do

by kriggins on January 16, 2009

in General, programming

An attribution would have avoided a problem here.

Marcin has a post up comparing the SANS Application Security Procurement Language and the OWASP Secure Software Contract Annex.

Give it a read and see what you think.

Kevin



And another Friday dawns. I hope yours goes well. Here we go with today's bits.

From the Blogosphere.

Via Alan over at StillSecure, the Aberdeen Group is looking for some data on IT Security Patch and Vulnerability Management. To get it, they are asking us to participate in a survey. We get a shiny report gratis if we do. I probably will.

There is a post up over at tssci-security that takes a look at several topics mashed together: the value of the CISSP certification, specialist versus generalist when it comes to InfoSec, and a new project being put together by the OWASP group, the People Certification Project. Some interesting thoughts in both the post and the comments. BTW - he references Dan Geer's Source Boston keynote speech. It is well worth reading several times, as I believe I have noted before.

Looks like there are some local root shenanigans that can be exercised on a Mac with versions 10.4 and 10.5 of Mac OS X installed. Good old suid fun, but does it really matter? Check out Zero Day's post and come to your own conclusions.

The Princess of Antiquity is tackling a fairly daunting task in bringing us a series of articles about cryptography that are couched in terms the layman can understand. The first is up and is well written. Check it out.

Tom over at Spylogic gave a talk about Online Social Networks: 5 threats and 5 ways to use them safely. He has made his presentation available here.

JJ has some good guidance for us if we are considering the implementation of 802.1x. Very good stuff.

Via Security4All, Backtrack 3 Final has been released.

From the Newsosphere.

Via NetworkWorld, Mitchell Ashley reports that Red Hat has decided to develop their own virtualization platform based on the Kernel-based Virtual Machine (KVM), which is built into the Linux kernel. Go read his article for the reasons behind this decision.

From Hack in the Box and ARN, a new report is out saying that a skills shortage in IT positions, including security specialists, is causing salaries to rise. Good for those down under.

Have a great Friday and wonderful weekend.

Kevin

