web app security

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Here is a nice post talking about fuzzing with Burp.
    ClearNet Security : need to do a GET before POST, fuzzing with BURP and WebScarab
    Tags: ( webappsec fuzzing burp )
  2. I know it seems like I point out every FudSec.org post that happens and, actually, I do. It's because they are all great posts that have good thought generating material. Jayson attacks Cyberwar in this week's edition.
    Beware of Falling Turtles (Plus other things that shouldn't really frighten us) - fudsec.com
    Tags: ( fudsec cyberwar )
  3. This is a must read in my opinion. I have only read the executive summary and skimmed the assurance framework part so far, but they alone are worth the price of admission. I look forward to digging into the assessment portion soon.
    Cloud Computing Risk Assessment -- ENISA
    Tags: ( cloud risk-assessment )
  4. Craig has an interview with Giles Hogben up with some insight into the new Cloud Security Risk Assessment mentioned above.
    ENISA Cloud Security Risk Assessment: An Interview with Giles Hogben | Cloud Security
    Tags: ( cloud risk-assessment )
  5. Anton takes an interesting approach to why PCI is good.
    Anton Chuvakin Blog - "Security Warrior": Smart vs Stupid: But Not Why You Think So!
    Tags: ( pci )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Here is some interesting data. I haven't run through it completely yet, but it takes the results of a bunch of scans and then does some mapping against PCI DSS. Fun with numbers 🙂
    Web Application Security Consortium (WASC) 2008 Statistics Published | Darknet - The Darkside
    Tags: ( metrics webappsec )
  2. This article discusses the decision to ship Windows 7 with a default UAC setting of medium-high.
    Windows 7's security 'time bomb' | The Last Watchdog
    Tags: ( windows-7 uac )
  3. An interesting post by Chris on risk/threat vs risk issue. When does a risk or threat become a risk issue for your organization?
    Risk / Threat vs. Risk Issue << Risktical Ramblings
    Tags: ( risk )
  4. Paul offers a couple thoughts on social networking and data leakage.
    Social networking in the antipodean spotlight | Paul Ducklin's blog
    Tags: ( social-engineering data-leakage )
  5. SynJunkie has another story based post up. This time about the dangers of dual-homing, specifically with a wired connection and a wireless one.
    Syn: Bobs Double Penetration Adventure - Part 1
    Tags: ( pentest )
  6. The Whitehouse has moved their website from an internally developed CMS to Drupal. Rsnake offers up some thoughts on why this might be both good and bad.
    Whitehouse Drupal and The Open Source Security Model ha.ckers.org web application security lab
    Tags: ( drupal cms whitehouse )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Whew! What a relief. Apparently I don't need to be concerned about security when using cloud services. It really isn't that big a deal. Well, at least according to this blog post.
    Clavister: Cloud security concerns are unfounded : Security Watch - Internet Security News: IT security, Business security, Computer security, Network security, and more
    Tags: ( cloud )
  2. An interesting issue still exists in Windows 7.
    Windows 7 Fail - F-Secure Weblog : News from the Lab
    Tags: ( windows-7 )
  3. Dave developed a checklist based on the CWE/SANS Top 25 programming errors. As he says, a checklist doesn't make you secure. However, it sure doesn't hurt either.
    trustedsignal -- blog: Application Security Checklist
    Tags: ( webappsec checklist development )
  4. Bill shares his second set of tips on a career in security. This time for those that are looking for a gig, instead of looking to keep the one they have.
    Career Advice for Security Geeks, Part 2 : The Security Catalyst
    Tags: ( career )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. You may have already heard, but Heartland and RBS are having some PCI issues.
    Visa yanks creds for payment card processing pair * The Register
    Tags: ( pci )
  2. Good tips and suggestions here.
    Gaining and Maintaining Professional Momentum During Difficult Times : The Security Catalyst
    Tags: ( career )
  3. Nifty information on digging into what information Firefox keeps as you peruse the internet.
    Firefox 3.X Forensics: Using F3e << SANS Computer Forensics, Investigation, and Response
    Tags: ( forensics firefox )
  4. A nice source for lots of HIPAA information. (Via @privacyprof)
    FAQ: What is the impact of HIPAA on IT operations?
    Tags: ( hipaa )
  5. Yup. Part 3 of Synjunkie's "Abusing Citrix" series is up. Again, good stuff.
    Syn: Abusing Citrix - Part 3
    Tags: ( hacking citrix )
  6. Jeff has a great post about first solutions and thoughts. Good stuff.
    How to Catch a Balloon : The Security Catalyst
    Tags: ( general )
  7. Chris has a real good primer/reminder on performing an effective and complete application security risk assessment. Good stuff. I hope he gets permission to share more details.
    Application Security Risk Assessments << Risktical Ramblings
    Tags: ( risk assessment application )
  8. Bill has a slide show up from his trip to Boston for SOURCEBoston.
    CSO Online - Security and Risk - Slideshow - SOURCE Boston Security Conference - Slide 1
    Tags: ( source conferences )
  9. Wow. Just wow. (via @brianhonan)
    Drunken BOFH wreaks $1.2m in Oz damage * The Register
    Tags: ( general )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 1 comment }

Good afternoon everybody. Here are few things worth taking a gander.

Dave Lewis over at Liquidmatrix points us to an service that appears to be very helpful. It is a service offered by Jane's that tracks terrorism and insurgent activities around the globe. As Dave states, it's a bit pricey for an individual, but probably well worth it for corporations that have global exposure.

Richard's latest Snort Report is up. He helps us Justify Snort. Good reading.

Paul Melson has a list of Malware Analysis tools you can use to dig into the guts of those pesky malicious files.

@dacort twitted a pointer to an article on Sun's site that talks about five areas that must be addressed to keep Web scale deployments safe from attack.

In a follow-up post to a previous missive about the static code analysis shortcomings, Rafal Los brings us a solution, Hybrid Analysis. Good stuff.

That's it for now. Have a great day.

Kevin

{ 0 comments }