Information Security has a dilemma:
we don't want to be seen to interfere with whatever the user wants to do, yet transactions need to be secure. The security of our network and applications needs to be part of Information Technology actions.
The website, email and network traffic need to get where they are supposed to go without interference or eavesdropping.
But in network security we have many types of grey areas:
false positives, false negatives, and many Heisenberg principle issues (i.e. if you want to view network traffic you may be altering the traffic itself).
If all viruses were detectable with antivirus, then malware would be easily found and no more hacks would happen.
Some viruses are hard to detect on purpose. They evade antivirus software, system administrators and other software.
But a scan of a system will show a port open, which requires further analysis. Because the virus or malware wants to phone home, it has to have a port open to do that.
Now we can find it with Sigma.
Firewalking is a term used to signify checking a firewall or web server port by port to see its status.
We perform a similar service to give you a report that will let you know how you look in the eyes of a criminal or hacker.
We provide the Alpha service.
What is the first method used in evaluating a web application?
It starts with the Alpha test.
How do you know the level of security with your website application?
1. A certain amount of testing must be started – our Alpha testing starts a security profile.
2. A second level of testing is the Sigma (Σ) testing – which actually attempts to break the application.
In real estate the motto is Location, Location, Location.
But in Information Security it is Testing, Testing, Testing.
When one thinks about security, one should think about the little things that have to be done.
Patching systems, rebooting.
Patching all the applications.
Checking the access control lists for new apps and ports.
Ensuring the web apps are checked not just for bugs, but for insecurities.
And finally test – and check for open and incorrect configurations.