Vulnerability management has become a huge challenge in today’s malicious cyberspace. SQL Injection, Cross-Site Scripting and DDoS attacks are arguably the most commonly exploited vulnerabilities, constantly appearing in OWASP research reports. Injection flaws took first place in the 2013 OWASP Top 10.
SQL Injections (SQLi)
SQL Injections are basically unsanitized […]
You heard right, the InfoSec Institute is adding several new training programs to our award-winning lineup of courses. Whether you want to master a new application, improve your web dev skills or dive into relational databases, we’ve got you covered.
Check out our new category pages where you can see […]
As we become more dependent on technology, the proper security of our data is more important than ever before. It’s no surprise that the demand for competent IT auditors is at an all-time high. The need for enterprises to evaluate the processes and policies they use to […]
Over the numerous configuration reviews and pentest engagements that we have performed for our clients, we’ve observed a common pattern in the configuration weaknesses in Linux systems. We believe reviewing these common weaknesses and taking them into consideration may save a lot of time and resources, and more importantly help system administrators […]
By Chris Clymer, SecureState Advisory Manager and Kerstyn Clover, SecureState Consultant
If there’s one constant for security practitioners across virtually all organizations regardless of size, industry, or location, it is compliance. PCI, HIPAA, GLBA, EU Safe Harbor, NERC/CIP, state laws, client contracts: whatever business you’re in, chances are there is at […]
Today’s cyberspace has become a dangerous place for individuals and businesses. Vulnerabilities are exploited using sophisticated malware and complex hacking techniques. This is why Security Testing is needed in every software development life-cycle (SDLC). Enter Source Code Analysis (SCA).
SCA is the most comprehensive and efficient way to locate loopholes […]
A business continuity plan consists of a few steps:
Business Impact Analysis (BIA)
This involves determining the operational and financial impact of a potential disaster or disruption, including loss of sales, credibility, compliance fines, legal fees, PR management, etc.
It also includes measuring the amount of financial/operational damage depending on the […]
It is hard to imagine that nowadays organizations could get along without an astute and decisive information system. Providing a reliable and coherent information system requires a solid security framework that ensures the confidentiality, integrity, availability, and authenticity of critical organizational assets.
An Information Security Management System (ISMS) defines how to set up […]
Passionate about security & learning?
We are hiring an Information Technology Instructor for our online courses
Under general supervision, plans and implements curriculum and educational programs for students within the online training program, as well as occasionally serving as a backup ILT instructor.
Supports students in online courses with webinars, direct answers to […]
Having a proven pattern for finding defects early in your cycle saves not just money but also the time required to patch those defects. Threat modeling is a tested and proven method to meet this objective. This procedure evaluates the vulnerabilities that can potentially exist in a target under […]
This article follows my earlier one, “Secure Software Development Life Cycle” (from now on referred to as S-SDLC), as one implementation of the S-SDLC program. I covered the basics of S-SDLC in my previous article, and I recommend readers go through it if you have not already […]
In recent decades, cyberspace has grown to impact nearly every aspect of human existence. It is increasingly relied upon by citizens and policy-makers, as well as the military and federal agencies. Despite these facts, the importance of securing cyberspace is often overlooked. It is widely accepted that hackers, criminals, […]
Email is still, to this day, the most used method of online communication. Even though many people predicted email would eventually get replaced by instant messaging or video chat software, the fact remains that email is simple to use, works everywhere thanks to the standardization of the SMTP protocol, […]
I have written a lot about building flexible Agile teams and their usual shortcomings. However, there is a river of information behind it, and improving our knowledge of building cross-functional teams is worthwhile. This type of team has all the skills that are needed, so that we can provide […]
Over the past ten years, there has been a steady increase in the number of generic top-level domain names (gTLD). As a result, people can currently register various gTLDs such as .asia, .pro, .tel, or even .xxx. In the near future, even more gTLDs will be available for registration. […]
There has been a lot of talk about how to connect your laptop through the Android network and use the bandwidth that you’re already paying for. Usually, this requires setting up an access point on an Android device and connecting to it with the laptop. On some devices you […]
The Internet was launched as a classified military experiment, but nowadays it is a widely used tool that serves a multitude of purposes. Recent cyber attacks on Saudi Arabia’s state oil company Saudi Aramco, the Qatari gas firm RasGas, and denial-of-service attacks on some major […]
If you make web sites, online apps, or even just your own personal blog, chances are that you’ve heard the phrase “Don’t trust user input!” This is one of the key security concepts about the Internet, and the failure of web developers to adhere to this principle is the […]
This article explains the concept of transferring personal data from the EU to third countries, what those third countries are, the principles that make such transfers legitimate and the derogations from these principles, and last but not least, the mechanisms for transferring personal data to third countries.
I. Transfer of personal […]
No information security guide is complete without a chapter about securing physical access to information resources. After all, physical access gives even the moderately skilled attacker access to the network, unencrypted workstations and servers, and hardcopy information just waiting for someone to come by and pick it up. Have […]