This is the third article on Secure SDLC (S-SDLC) and the second on the implementation of Secure SDLC. So far we have covered an Introduction of S-SDLC and Overview of Open SAMM framework. Readers are advised to refer to these articles before getting directly into this article.
The first step […]
Get Certified – Get Ahead
The CompTIA Security+ SY0-301 certification validates foundation-level security knowledge and skills and is recognized by organizations around the world. As an example, the U.S. Department of Defense requires personnel to have this certification to retain administrative access.
The CompTIA Security+: Get Certified Get Ahead: SY0-301 Study […]
Development of mobile applications has picked up really fast in the last couple of years. Much has been written about the security assessment of iOS & Android applications; however, not much information is available on the security assessment of BlackBerry applications. The aim of this paper will be to […]
We all know that WordPress is the primary CMS system used on the Internet. We also know that security in WordPress is not always taken for granted. The WordPress CMS system can have different vulnerabilities in older versions, so it’s vital to keep it up to date. We should also be on […]
This article is focused on the sport football (or soccer in the USA). Nevertheless, the same technology and security measures can be applied in virtually any other major sports event or any identical activity involving gathering a large mass of people at one location.
Technology has been a significant section […]
Android is an open source mobile platform that includes an operating system, middleware and applications. Android has revolutionized the mobile world in a big way. Android, which started as an alternative to Apple’s iOS, is now slowly eating into the market share of Apple and is of primary concern […]
At the beginning of this series of tutorials, I would like to note one thing: All the activities that we usually take to increase the security of information systems are generally offensive in nature. Almost always, the main objective is to make it difficult for the opponent to access […]
“Data stored on the device is worth more than the device”
The above quote might well apply to desktops and laptops as well. But it’s much more probable that your mobile device might be used by someone or lost, compared to your laptop or desktop. This fact changes the […]
A task of any operating system is to provide software that strongly increases its security. A lot of programs of this type have been created; some are better than others. What does it look like in terms of Linux? Of course, here we have many more choices when it […]
Here is a compilation of a few tools that we need to be aware of. The power, the performance and the capabilities of these tools are limited only by the creativity of the attacker. Let’s dig into the list.
Following the well-defined hacker cycle, let’s start off with […]
Blacklists and Fast Flux Domains
Several web pages that maintain blacklists exist these days. These web pages maintain IP addresses and domains that are believed to be malicious, but the problem is that there are quite a lot of those pages and we don’t have the time to check […]
I’ve been a security enthusiast for years now, and currently I’m working as a security penetration tester. Over the years it has happened that I’ve heard about a new security method I’ve never encountered before. When I started doing research about the topic, it was all very interesting, […]
Security Automation Essentials: Streamlined Enterprise Security Management & Monitoring with SCAP provides IT security managers in both government agencies and private organizations with full details on the capabilities of SCAP (Security Content Automation Protocol) technologies. SCAP reduces dozens of individual security-related tasks to simple, streamlined, and automated tasks that […]
First we must mention that iptables is a Linux kernel firewall, which is why we can categorize it with the picture below:
The picture is presented so we can better imagine how firewalls and iptables firewall are connected with information security in general. I’ve also written an article about […]
Those trained and experienced in the Information Security area know all about IDS systems, biometric security, Disaster Recovery systems, and all the other expensive technologies available to large enterprises with their large budgets.
Quite often overlooked in this area, however, is the vast number of small and medium enterprises. Statistics […]
Do you remember my article about physical security? If so, this article can be seen as its development. Where that one was more focused on the security of an organization, I think I will now give two, at most three, articles on the physical security of our own PC. However, I […]
I understand perfectly well that the InfoSec website has often discussed the use of good algorithms for hashing passwords. But these articles were usually very vague. So in this article you can familiarize yourself with creating good passwords in your applications.
It is an article which came about completely by accident. […]
It is convenient, it is a necessity, and some devices give you no other option: wireless networking is all around us.
We all use wireless networks on a daily basis, whether you access the Internet on your laptop or your iPad. Most homes in the UK will have a wireless […]
ATMs Fraud Trends
According to the last 2011 survey (*) in 27 European countries, card skimming is still the most prevalent crime; however, 61% of European countries reported a decrease due to the use of anti-fraud devices and the implementation of Europay, EMV technology embedded in ATMs providing two-factor authentication which drastically […]