penetration testing

RSS

penetration testing Blogs

  • To retrieve stolen data: Have it phone home to tell you where it is.

    Posted August 18, 2011 - 5:07 pm

    If banks can put dye packs and broadcasting GPS units that signal cops where stolen moneybags are being taken, why can't you do that for data? Honeypot technology shows you how, but existing honeytokens have to be better at sending calls for help.

  • North Korea steps forward as new cyberwar villian

    Posted July 6, 2011 - 4:14 pm

    McAfee investigation concludes overly sophisticated DDOS attacks against South Korea in March were tests of the readiness of the South and the U.S. for mixed online/offline assaults.

  • Two-Thirds of Big Companies Suffer Successful Hacks This Year

    Posted October 12, 2010 - 11:41 am

    Big companies report increase in successful attacks, while flaws in existing systems and the complexity of new ones introduce more places security could be weak.

  • Security Testing: It Is About Coverage

    Posted February 1, 2010 - 7:19 pm

    It is easy to do pentetration testing. My two year daughter can do it (well at least she broke through a screen-lock). But doing it well is the challenge. That is what coverage is about. Security test coverage, like any test coverage, is measuring how much of all the possible sensible options you cover with your testing. Let's dig into this topic a bit more, and perhaps next time someone comes offering you pentesting services, you will have a few new questions to ask the auditors.

  • Fuzzing and Product Security

    Posted March 18, 2009 - 4:40 am

    Finally, some real data on the usage of fuzzing is emerging. Who is using fuzzing? How do people see fuzzing being used in the product security process? Forrester has included questions regarding use of fuzzing in to their questionnaire that they send to key industry CIOs, CSOs and CISOs. Security companies such as Cigital are publishing their findings. I have talked with these organizations and will be discussing my findings in this blog and the upcoming webinar.
Ask a Question