Application Security Testing : Do It Now
Yes, as Veracode says: https://www.veracode.com/blog/2015/07/application-security-assessment-reviewing-your-testing-program-sw They list 3 misconceptions: QA (Quality Assurance) is when development is done. Third party software does not need testing. Developers don’t care about security. We…
Dangerous Vulnerability? Some Routers Bad UPnP Authentication
This is the problem with some security issues (complicated technical issues that require expertise to fix): http://www.kb.cert.org/vuls/id/361684 Home routers implementing the UPnP protocol do not sufficiently randomize UUIDs in UPnP control…
How To Stay Secure in Insecure World
I want to highlight 2 current articles: http://www.infosecurity-magazine.com/news/pawn-storm-serves-malware-via-fake/ and http://googleonlinesecurity.blogspot.com/2015/07/new-research-comparing-how-security.html It is best to use good passwords, 2-factor authentication, and patch your systems. The first article points to how a…
Focus on Quality Improves Computer Security
There is a great white paper at sans.org. Elizabeth Stanton wrote it to highlight “Security through Quality Assurance Practices”. I found it by doing a Google search for “quality computer security”.…
Analyzing Data Breaches: Can we Tolerate Status Quo?
An interesting paper on the analysis of the frequency of data breaches. It is an attempt by Benjamin Edwards, Steven Hofmeyr, and Stephanie Forrest. These researchers obtained the data from…
