Enforcing compliance regulations makes good business sense, and compliance takes a positive approach to the requirements of computer security. Compliance, like security, is about managing risk, where the cost of a compliance failure can be financial loss, intrusions, customer loss, or even ceasing to exist as a business.
Software development is concerned with creating software according to customer requirements in a minimum amount of time. Information security is focused on removing security vulnerabilities and managing risks. Developers are switching to an Agile approach, with rapid development and incremental, iterative software releases. Security experts have their own policies and validation procedures.
What is ISO 27001? ISO/IEC 27001:2013 is an information security management standard. The official complete name of this standard is ISO/IEC 27001 Information technology – Security techniques – Information security management systems – Requirements. The purpose of the standard is to help organizations establish and maintain an information security management system (ISMS). […]
Most security methodologies are built around traditional development methods, which are qualitatively and quantitatively different from Agile development. Code reviews and pen testing are sequential, while Agile is iterative. With Agile and continuous code integration, automated regression tests are scripted to run automatically at the end of each build. This enables developers to get instant feedback on […]
Seeker uses context-aware security to examine the way attacks affect sensitive data in the application and to evaluate vulnerability risk.
“If you can’t explain it simply, you don’t understand it well enough” – Albert Einstein. Although the majority of application security tools require you to know the threats that confront you, most users do not have the security knowledge needed to recognize these threats, much less identify them specifically. However, there are tools on the […]
The Heartbleed vulnerability (http://www.heartbleed.com, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160, or the OpenSSL advisory at https://www.openssl.org/news/secadv_20140407.txt) allows remote attackers to retrieve chunks of memory from servers using OpenSSL versions 1.0.1 prior to 1.0.1g. The information retrieved from server memory could contain user passwords, encryption keys and other sensitive data. The vulnerability was identified by security researchers from Codenomicon and Google […]
Fitting security into development by just pushing it ‘as is’ onto developers is a bit like taking a zebra, dressing it in a purple skirt, putting a martini in its hand and expecting it to blend in at a cocktail party…
A quick analysis on why Code Security does not mean a lot to anybody who’s not involved with it – and why we all have to understand that it’s all about the data…
IAST is an emerging technology that is rapidly transforming the way code security is done. Instead of security being a pain and a worry, IAST enables a fully automatic process that ensures no code vulnerabilities creep in during development. IAST technology works by hooking into the application and analyzing it from within as it runs. […]
You are faced with selecting the right application security testing solution for your organization. Everybody agrees it should be part of the SDLC and ultimately used by developers, testers or DevOps. Maybe it’s the first time you are introducing application security into the SDLC, or you have tried before and now wish to improve, realizing there is a tool out there much better suited to your needs.
Last Thursday, JP Morgan issued a warning to 465,000 holders of prepaid cash cards that their personal information may have been accessed by hackers who attacked the JP Morgan network in July. JPMorgan detected the breach only two months later, in the middle of September.
At first glance, there was nothing exceptionally interesting about this piece of news. We have heard news of such data leaks constantly over the last few years. Behind each of these lies a fundamental failure to protect user data by ignoring basic security best practices. However, that was not the case here. According to the reports provided by JPMorgan, they actually did everything right: all sensitive user content was encrypted in their database and all standard protection measures were in place. So what went wrong?
October 30, 2013 - Today, Database-as-a-Service company MongoHQ reported a breach in its applications, resulting in the theft of customer private data and authentication credentials. This reminds us of the importance of encrypting sensitive data at rest, two-factor authentication, routine employee awareness training and ensuring the security level of internal applications. The security breach […]