It’s that time of the year again folks when security experts release the most...
By Armando Romeo, eLearnSecurity and ID Theft Protect
The Bug Story
By Ali Hadi
Despite the fact that our Networks gardens are full of beautiful/gorgeous things, at same time they’re full of bugs. The problem is that the Internet serves as connection between these gardens, which makes it easy for bugs to travel from one garden to another. A bug may be found in my neighbours’ garden across the street, but in a matter of time, I will be seeing it creeping in my garden too… This time Ali tales us a quick history of the most vicious bugs in software till today. From his amusing article we will find out why software Bugs exist today and how to avoid them. He will also present us the analysis one of the most popular bug in the IT Security history and learn us on this example a quick analysis of a bug. Read the column which is as well for entertaiment as for gathering some basic knowledge.
Secure Coding: Hits and Misses
By Jorge Luis Alvares Medina
This article expose the basics of most of the common software vulnerabilities, and explore the best programming practices to avoid their occurrence. The analysis will be made from a general perspective, but providing concrete examples and walk through to clarify the concepts discussed. The examples included in each point will range from academic to real vulnerabilities found while performing different source code audits. From this article you will learn best practices that architects and developers should be aware of in order to develop applications with a proper sense of security. After the reading you will also start to think of the security analysis in terms of the actors involved, to enhance and better adapt different attack vectors the common roots of many security issues.
For My Eyes Only
By Israel Torres
Data is a marvelous thing; so easy to create but so difficult to keep track of and maintain. This marvelous thing is the very thing that can take companies down to their knees. All without anyone knowing until it is too late… A silent killer… Data at rest and company drive shares spell disaster. Learn how to protect yourself against your data be it your programs, scripts and allow automation to occur non-interactively without you having to type your password in because you don’t want to save them within the execution file. This demonstration focuses on the Apple Mac platform but can be easily geared otherwise.
Secure Coding PHP
By Rich Hoggan
It can be said that software is only as good as its code or as good as the developer who wrote that code. Yet if we used this adage to compare current web based software, we are in need of some major retrofits to the software we entrust our personal data to. The recent cyber attacks on BART – the San Francisco Bay Area’s rapid transit system – only demonstrates the need for better and more secure software especially when personal and private information is at stake. As cyber attacks only seem to be growing in number, we have to start to focus more on secure coding as we try to walk the thinning line that is security and usability. With this in mind, we will discuss some of the techniques one can use to write more secure PHP code including user input verification and data encryption… In this article author shows how to write secure code in PHP and validate user input. You will also learn some encryption techniques and other counter measures.
Secure Coding in Database
By Steve Hodge
Information systems are not islands. Either data is manually entered, or, as is more commonly the case, interchanged with other systems. Some systems are very tightly integrated: a database transaction committed in one system becomes available in another almost immediately. Other systems are more loosely coupled and synchronize data on a scheduled basis. Some partners in the interchange do an outstanding job of vetting their data and making sure that the data feeds are clean. But what do you do when a data supplier comes under attack, the data becomes vandalized, or it is rendered unavailable? This text will give you the knowledge about creating automatic audit trails for critical database tables and also about creating processes to guard against and recover from bad data. You will learn building a lightweight process for rapid data recovery that avoids using complex, time-consuming database backup tools.
Mobile and Tablet Application Coding Security
By Julian Evans
There are practical techniques to securing app code – the first involves limiting privileges to a set of operations – this is known as sandboxing. The second technique involves identifying executables as they enter the trusted domain – aka firewall approach – do you want the app to run and how will it run are important queries. The third technique involves code trust – is the executable trustworthy? In this article author will attempt to discuss briefly some of the main mobile app security issues of today and consider what developers have to do to maintain and improve their coding security practices. Read and find out why code signing and sandboxing are two app security principles that should be pro-actively incorporated into the mobile coding development cycle.
By Mervyn Heng
Hispasec Sistemas has managed the service, VirusTotal, since 1st June 2004. The VirusTotal website offers the public access to multiple Antivirus (AV) engines hosted by them to provision online scanning of individual files to uncover malware by harnessing a combination of signature-based and heuristic detection. This is the short column where you will find description of this very popular tool. If you haven’t come across the VirusTotal yet this text should encourage you to pay more interest in it.
What’s Wrong With the Bible?
Corporate IT security policies are often described by security professionals as “the Bible”. This comparison always makes my skin crawl, since it suggests a certain lack of imagination. But in reality, the comparison makes sense. Both interpretations were probably written a long time ago by people who hadn’t met you, or by employees that faced precisely the same issues, technologies, and situations you face in your job today. More than that, both were probably written by different groups of people over time… Read the essay column in which the author deals with different legal curiosities and IT security cliches.
Review of Passware Kit 11.0
By Israel Torres
Passware Password Recovery Kit Forensic 11.0 is a handy all-in-one package for recovering different types of passwords quickly and with ease. Be it from a Windows laptop, Mac VM, or USB stick this software raises the bar for password cracking. Read the program review and check is it worth it’s price and buying.