security testing

  • Vulnerability management: not just for scanning known vulnerabilities

    Posted April 8, 2011 - 2:16 pm

    Proactively searching for and fixing unknown zero-day vulnerabilities saves time and money for everyone. And it is easy! Proactive testing is the most effective form of vulnerability management, because the earlier vulnerabilities are discovered, the easier and cheaper it is to fix them. Do not wait for the hackers to find the vulnerabilities!
  • Crack your own passwords for better security

    Posted December 20, 2010 - 1:08 pm

    Passwords are the primary key to our digital lives--providing the only barrier preventing sensitive data from being compromised in most cases. IT admins should think and act like a hacker to proactively identify weak passwords, and stay one step ahead of a data breach.
  • Vulnerability Disclosure: Is it Blackmail, Whitemail or Bluemail

    Posted July 23, 2009 - 3:25 pm

    Hackers (or security researchers) come with a range of rainbow-colored hats. Some guys'n'gals are nice (the White Hats). They find and disclose problems in communication products using approved responsible disclosure models. Others are in the business for money, and are not satisfied by the fame they get for disclosing problems. The process can easily get close to what some would consider unethical, or even direct blackmailing.
  • Fuzzing and Product Security

    Posted March 18, 2009 - 3:40 am

    Finally, some real data on the usage of fuzzing is emerging. Who is using fuzzing? How do people see fuzzing being used in the product security process? Forrester has included questions regarding the use of fuzzing in the questionnaire that they send to key industry CIOs, CSOs and CISOs. Security companies such as Cigital are publishing their findings. I have talked with these organizations and will be discussing my findings in this blog and the upcoming webinar.