
Monthly Archives: May 2011

Web Application Firewalls with Mod Security

One of the biggest problems that businesses and individuals face today is the cost of web application security.

It is not uncommon in the UK, for example, to pay a daily rate of around £1000 to have a website tested by an application security consultant. Web Application Firewalls can be […]

IT Auditing and Controls – IT Governance and Controls

“IT Governance and Controls” or “IT Monitoring and Assurance Practices for Board and Senior Management”

Take your choice of titles of this article, but really it’s all about IT Governance. Governance integrates best practices to ensure that the organization’s IT is aligned with, and supports, the business objectives; delivers value; […]

Web Application Testing with Arachni

What is Arachni?
In very simple terms, Arachni is a tool that allows you to assess the security of web applications.

In less simple terms, Arachni is a high-performance, modular, Open Source Web Application Security Scanner Framework.

It is a system which started out as an educational exercise and as a way […]

Creepy, the Geolocation Information Aggregator

What is Creepy?
So what is Creepy actually and how does it come into the “Geolocation” picture? Creepy is a geolocation information aggregation tool. It allows users to gather already published and made publicly available geolocation information from a number of social networking platforms and image hosting services. […]

TeamShatter Reveals their Process for Security Research

In our ongoing series of interviews, we are doing things a little differently this week and interviewing four members of TeamSHATTER. They answered a few questions and pulled back the curtain a bit on the methods, tools and motivation for the work they do.

TeamSHATTER is the research arm of […]

IT Auditing and Controls – Auditing Organizations, Frameworks and Standards

What is a standard? Who defines standards? Where do we as IT auditors come into contact with standards? Which framework should we use to do an IT audit, and if there isn’t one, which one should we recommend? In order to understand IT auditing and why we do IT […]

The Case of the Great Router Robbery

NEWSFLASH: AnyTown Local News reports this Monday morning that the recent spate of office break-ins has continued with a weekend raid on the downtown branch office of HugeMegaCorp. In a statement, HugeMegaCorp said that “when staff arrived at the office on Monday morning, two laptops and a router were […]

IT Auditing and Controls – Planning the IT Audit

Definition of IT audit – An IT audit can be defined as any audit that encompasses review and evaluation of automated information processing systems, related non-automated processes and the interfaces among them. Planning the IT audit involves two major steps. The first step is to gather information and do […]

Exploiting grsecurity/PaX with Dan Rosenberg and Jon Oberheide

Following their presentation at Infiltrate 2011, Jon Oberheide and Dan Rosenberg answered a few questions about the talk they gave.

Jon Oberheide is the CTO of Duo Security, an Ann Arbor-based startup developing kick-ass two-factor authentication. In his free time, Jon dabbles in kernel exploitation, mobile security, and beer brewing. […]

Kevin Finisterre Reveals His Process for Security Research

In our ongoing series of interviews, this week Kevin Finisterre answered a few questions and pulled back the curtain a bit on the methods, tools and motivation for the work he does.

Kevin Finisterre is a principal of the security consultancy Digitalmunition, he enjoys testing the limits and is constantly […]

Are YOU Wearing A Hoodie?

Fox recently canceled their show about hackers “Breaking In.”

Whatever you might have thought about the show, it got people talking and thinking about hackers. Just like the Sony Playstation Network attack reminded people about the risks of information technology and maybe realizing that game consoles are actually computers with […]

IT Auditing and Controls – An Introduction

Introduction to IT Audit

Auditing is an evaluation of a person, organization, system, process, enterprise, project or product, performed to ascertain the validity and reliability of information; and also to provide an assessment of a system’s internal controls. The goal of an audit is to express an opinion based on […]

CISM Domain – Incident Management and Recovery

CISM Chapter 5 – Incident Management and Response

Incident Management and Response (IM&R) accounts for 14 percent of the CISM exam or about 28 questions. This is the final domain covered in the Certified Information Security Manager (CISM) material. In my opinion it’s the most important. Most important because if […]

IT Auditing and Controls – An Overview

So you want to be an IT Auditor…..

Over the course of the next few weeks, I will be posting some ten articles to help you understand what it takes to move from wherever you are to a job as an IT Auditor:

We’ll start with an Introduction to IT Auditing;
Move […]

Android Security: Take Control

Are you in control of your Android device? Really? Then answer this brief survey:

Has every single app on your phone been installed from the Android market?
Have you password protected your device in some way?
Do you make regular backups of your device?
Have you installed a “find me” […]

Automated Vulnerability Disclosure with upSploit

Recently there have been a number of high profile vulnerabilities and problems found in software as well as in hardware. The way they have been disclosed has varied greatly. This leads to confusion for vendors, who obviously do not want to offer services with critical vulnerabilities in them — […]

CISM Domain – Information Security Program Management

CISM Chapter 4 – Information Security Program Management (ISPM)

In Chapter 3 we talked about Information Security Program Development, in Chapter 4 we’re going to talk about the management of that security program which we just developed.

ISPM accounts for 24 percent of the CISM exam or about 48 questions. As […]

Haroon Meer Reveals His Process for Security Research

In our ongoing series of interviews, this week Haroon Meer answered a few questions and pulled back the curtain a bit on the methods, tools and motivation for the work he does.

Haroon Meer is the founder of Thinkst, an applied research company with a deep focus on information security. […]

Microsoft Virtual Server Security: 10 Tips and Settings

Virtualization brings significant value to business managers and engineers attempting to keep pace with business pressure for additional servers. It enables maximum use of hardware resources while introducing an increased flexibility in how organizations design and implement new solutions. However, it also introduces new security concerns.

Microsoft’s server virtualization technology […]

Matthieu Suiche Reveals His Process for Security Research

In our ongoing series of interviews, this week Matthieu Suiche answered a few questions and pulled back the curtain a bit on the methods, tools and motivation for the work he does.

Suiche is director and founder of MoonSols, a computer security and kernel code consulting and software company. He […]