Entries Categorized as 'Application Security'
by Neil MacDonald | May 21, 2012 | Comments Off
I’ve been absent from my typical blogging routine getting my material finalized for two Gartner upcoming US-based summits in June 2012. The first is Gartner’s Infrastructure and Operations Management Summit being held in Orlando the week of June 4th. This conference is focused on infrastructure and operations solutions for managing desktops, servers, and mobile devices [...]
Category: Application Security Beyond Anti-Virus Big Data and Information Security Cloud Security Information Security Next-generation Security Infrastructure Security Intelligence Virtualization Security Tags: Adaptive Security Infrastucture, Application Security, application security testing tools, Beyond Anti-Virus, Cloud Security, Context-aware Security, DC-Summit-NA, Next-generation Data Center, Next-generation Security Infrastructure, Security-Summit-NA, Virtualization Security, VMsafe, VMware, Whitelisting
by Neil MacDonald | February 3, 2012 | 1 Comment
I’ve blogged before about advanced threats that easily bypass our traditional protection mechanisms and reside undetected for extended periods of time on our systems. On one of the panels I moderated on APTs, Dave Merkel from Mandiant put it best. “You are compromised, get over it”. Others in the US Government have come to the [...]
Category: Application Security Beyond Anti-Virus Cloud Cloud Security Next-generation Security Infrastructure Security Intelligence Tags: Adaptive Security Infrastucture, Application Security, Best Practices, Beyond Anti-Virus, Cloud Security, Context-aware Security, DC-Summit-NA, Defense-in-Depth, DevOpsSec, Next-generation Security Infrastructure
by Neil MacDonald | January 30, 2012 | 8 Comments
Dynamic Application Security Testing (DAST) solutions test applications from the “outside in” to detect security vulnerabilities. In contrast, Static Application Security Testing (SAST) solutions test applications from the “inside out” by looking a source code, byte code or binaries. Both approaches have their pros and cons and, until recently, the market for these tools has [...]
Category: Application Security Security Intelligence Tags: Adaptive Security Infrastucture, Application Security, application security testing tools
by Neil MacDonald | January 17, 2012 | Comments Off
DevOps seeks to bridge the development and operations divide through the establishment of a culture of trust and shared interest among individuals in these previously siloed organizations. However, this vision is incomplete without the incorporation of information security, which represents yet another silo in IT. Breakdowns in communications and processes across development, operations and security [...]
Category: Application Security Next-generation Security Infrastructure Tags: Adaptive Security Infrastucture, application security testing tools, Defense-in-Depth, DevOpsSec, Next-generation Data Center, Next-generation Security Infrastructure, Security-Summit-NA
by Neil MacDonald | January 9, 2012 | 6 Comments
I called this a “security no brainer” years ago and the advice is absolutely still relevant today. In Gartner’s latest Magic Quadrant for Dynamic Application Security Testing (DAST) solutions for clients, one of the evaluation criteria we looked at was whether or not the vulnerability knowledge of the DAST solution could be exported and used [...]
Category: Application Security Security Intelligence Tags: Application Security, application security testing tools, Best Practices, Security No-Brainer
by Neil MacDonald | January 4, 2012 | 1 Comment
We’ve just published a new Magic Quadrant for Dynamic Application Security Testing (DAST) for Gartner clients. In Gartner research, we use the term DAST to refer to testing solutions and techniques that are designed to test an application from the “outside in” to detect conditions indicative of a security vulnerability in an application in its [...]
Category: Application Security Applications Cloud Cloud Security Tags: Application Security, application security testing tools, Cloud Security
by Neil MacDonald | November 14, 2011 | 1 Comment
I spent the last week in Barcelona with 4,000+ attendees at the 2011 Gartner European Symposium. It was a new venue for Gartner (we were displaced from Cannes by the G20), and I’m happy to say it was a fantastic with record attendance. Security was front and center of attendee interests. We had a total [...]
Category: Application Security Cloud Security Virtualization Security Tags: application security testing tools, Cloud Security, GartnerDC, Information Security, symposium
by Neil MacDonald | October 24, 2011 | 1 Comment
Last week I attended Gartner’s US Symposium conference in Orlando. With 8,000+ attendees (25% of which were CIOs) and at least 1,000 more analysts, vendors and support staff, you can imagine it was quite a scene. In addition to three presentations, I had more than 30 fantastic one on ones with attendees over the four [...]
Category: Application Security Beyond Anti-Virus Cloud Cloud Security Information Security Microsoft Security Next-generation Security Infrastructure Virtualization Virtualization Security Tags: Adaptive Security Infrastucture, Beyond Anti-Virus, Cloud Security, Context-aware Security, DC-Summit-NA, Endpoint Protection Platform, Information Security, Microsoft Security, symposium, Virtualization Security
by Neil MacDonald | August 5, 2011 | 1 Comment
I had a discussion with a client today looking to protect sensitive intellectual property in their source code. I discussed two primary areas of risk: 1) that the developers (some of which were offshored) might take the code and 2) once the code was distributed to customers, it might be reverse engineered or copied Addressing [...]
Category: Application Security Applications Information Security Tags: Application Security, Best Practices, Defense-in-Depth, Information Security
by Neil MacDonald | June 9, 2011 | 1 Comment
On 3 June 2011, RSA, the Security Division of EMC, confirmed that Lockheed Martin had proof that hackers attacked its network partly by using data stolen in a March 2011 attack on RSA. Subsequently, on 6 June 2011, RSA announced a program to replace customers’ RSA SecurID one-time password (OTP) authentication product tokens We’ve updated [...]
Category: Application Security Endpoint Protection Platform Information Security Tags: Best Practices, Defense-in-Depth, Endpoint Protection Platform, Information Security, Security-Summit-NA
