Software Security is a People Problem

posted on Feb 12, 2014 by sahba Comments:0

My first professional job was as a software developer. I had recently graduated with honors with a computer science degree and a software engineering specialization. In other words, I (supposedly) had all of the know-how and tools to enter the world of software development. At my first job, we weren’t just back office developers,…

Five ways to secure your Internal network on a low budget

posted on Feb 11, 2014 by saurabh Comments:0

When it comes to network security, we can safely assume that most companies make a conscious effort to secure their network perimeter. Modern network security appliances such as firewalls, IDS, IPS, etc. do a good job of keeping an external attacker out when configured in a secure manner. Having said that, two facts…

5 Common Linux Misconfigurations

posted on Feb 4, 2014 by Guest Blogger Comments:0

Over the numerous configuration reviews and pentest engagements that we have performed for our clients, we have observed a common pattern in the configuration weaknesses of Linux systems. We believe that reviewing these common weaknesses and taking them into consideration may save a lot of time and resources, and more importantly help system administrators with creating more…

Exploiting and Defending Mobile Training – CanSecWest

posted on Jan 30, 2014 by saurabh Comments:1

Hello everyone, we are pleased to announce that we will be presenting our “Exploiting and Defending Mobile” training course @CanSecWest. Our “Exploiting and Defending Mobile” training will provide you with two days of insight into the world of mobile hacking. The course is designed to keep a balance between theoretical knowledge and practical experience…

HTML5 Security Concerns – Executive Summary

posted on Jan 28, 2014 by Geoffrey Vaughan Comments:0

With the widespread adoption of HTML5 and responsive web design, as with any new technology, companies need to be aware of the security implications of their design choices. What we are seeing with HTML5 is that a number of threats that are less of a concern for traditional web applications are re-emerging and appear to have greater…

Processor Logic Problem from Hackfest 2013

posted on Jan 7, 2014 by Geoffrey Vaughan Comments:0

For this challenge you were given a 16-page PDF file that consists of the top secret plans for a military hardware apparatus. The file is available here: Tracking Logic Instructions. After a first read through the challenge you realize that you are working with a large schematic diagram of a mysterious system where…

How SAMM addresses Outsourced Development

posted on Dec 17, 2013 by Nima Dezhkam Comments:0

The Software Assurance Maturity Model (SAMM) is an open framework to help organizations implement a software security program that is tailored to the specific risk profile of their organization. The framework is maintained under OWASP’s OpenSAMM project. The SAMM framework is flexible by design, so that it applies to most organizations and businesses. Its content is categorized under four…

The NIST Cyber Security Framework Completely Misses the Mark

posted on Dec 10, 2013 by Rohit Sethi Comments:0

The National Institute of Standards and Technology (NIST) released a Preliminary Cyber Security Framework to help organizations build a holistic approach to cyber security. The framework is very broad, which on the surface is a boon for information security programs. In particular, the five core functions are a good way of ensuring a complete view…

Business Logic Pitfalls in Trading Applications (Blog Series) – 2

posted on Dec 3, 2013 by Subu Ramanathan Comments:0

Hi there folks, here is the second pitfall that we’ve seen in securities trading applications in capital markets. Quantity is relevant to business. In the capital markets business, trading securities is a wholesale game. Whether it is trading fixed income securities, equities or forex, the quoted prices are based on a minimum quantity that is enforced…

Your Guide to Getting Started with Mobile Application Assessments

posted on Nov 26, 2013 by Guest Blogger Comments:1

Many organizations already have some form of mobile presence, or plans to deploy one in the near future, but don’t know how to get started with mobile application assessments. This guide will help you make informed decisions when procuring mobile application assessment services. A mobile application assessment can be broken down into the following four…