Entries Categorized as 'Application Security'
by Neil MacDonald | May 23, 2011 | 2 Comments
There’s been a bunch of highly publicized attacks recently. Each one has a major lesson for information security. 1) Barracuda’s breach. Major lesson: Test all of your web-enabled applications for vulnerabilities as a part of the ongoing application development and change process. This was the root cause of the breach. Minor lesson: Web application firewalls [...]
Category: Application Security Cloud Cloud Security Information Security Tags: application security testing tools, Best Practices, Cloud Security, Defense-in-Depth, Information Security, Security-Summit-NA
by Neil MacDonald | May 13, 2011 | Comments Off
I saw this article recently describing an attack against one or more zero-day vulnerabilities in Google’s Chrome browser. Worse, the attack reportedly is able to break outside of the “sandbox” (created by the use of mandatory integrity controls within Windows) and execute code at a different trust level. The attack is reportedly not stopped [...]
Category: Application Security Information Security Windows 7 Tags: Apple, Application Security, Beyond Anti-Virus, Browser Security, Security-Summit-NA, Windows
by Neil MacDonald | March 11, 2011 | Comments Off
Google’s Android has made the news a couple of times already in 2011: Here, with a credit card snooping exploit proof of concept and most recently, with malware that had gotten into the Google application store. The latter was particularly serious as it involved a privilege escalation attack that broke out of the Android sandbox. [...]
Category: Application Security Beyond Anti-Virus Endpoint Protection Platform Tags: Apple, Application Security, application security testing tools, Best Practices, Beyond Anti-Virus, Endpoint Protection Platform, Whitelisting
by Neil MacDonald | March 7, 2011 | 4 Comments
I was performing some background research on the number and severity of vulnerabilities produced by Apple, Microsoft and other vendors when I ran across something quite interesting. (BTW – I was researching the issue addressed in this research note for clients — whether or not antimalware software is recommended for enterprise Apple Macintosh endpoints.) Microsoft, like [...]
Category: Application Security Information Security Microsoft Security Windows 7 Tags: Apple, Application Security, application security testing tools, Browser Security, Microsoft, Windows
by Neil MacDonald | January 21, 2011 | Comments Off
In my kick-off post for 2011, I talked about the need for IT to expand the depth and breadth of patching. In the follow-on post, I talked about the need to migrate more users to run with standard user (and not administrative level) privileges. One of the challenges to both of these actions is [...]
Category: Application Security Information Security Microsoft Microsoft Security Windows 7 Tags: Application Security, Best Practices, Browser Security, Information Security, Microsoft, Microsoft Security, Windows
by Neil MacDonald | January 19, 2011 | 6 Comments
Static application security testing (SAST) can be thought of as testing the application from the inside out – by examining its source code, byte code or application binaries for conditions indicative of a security vulnerability. Dynamic application security testing (DAST) can be thought of as testing the application from the outside in – by examining [...]
Category: Application Security Applications Tags: Application Security, application security testing tools, Best Practices, Defense-in-Depth
by Neil MacDonald | January 4, 2011 | Comments Off
I am back from the holidays and was responding to some comments on my previous blog post on antivirus technologies and the shift to endpoint protection platforms where one of the readers had recommended disabling autorun on removable media for a quick win for information security. There are several things in information security that we [...]
Category: Application Security Beyond Anti-Virus Endpoint Protection Platform Information Security Tags: Apple, Best Practices, Defense-in-Depth, Endpoint Protection Platform, Information Security, Security No-Brainer, Windows
by Neil MacDonald | September 28, 2010 | Comments Off
I work with clients daily on how to change their development (and procurement) processes to produce more secure code. I wrote in this blog that application security cannot be solved with technology alone, yet I still run into organizations trying to solve their application security problems with the purchase of a static or dynamic application [...]
Category: Application Security Tags: Application Security, application security testing tools, Best Practices, Maturity Models, Microsoft
by Neil MacDonald | July 23, 2010 | Comments Off
In my previous post, I discussed a free virtualized browser offering from Dell KACE. The virtualized browser is based on Firefox with Dell indicating that it hopes to offer a virtualized version of Internet Explorer in the future. That’s more complicated than it first appears. Technically, can IE be virtualized? Yes. Some of the application [...]
Category: Application Security Information Security Virtualization Virtualization Security Windows 7 Tags: Endpoint Protection Platform, Microsoft Security, Virtualization Security, Windows
by Neil MacDonald | June 1, 2010 | 4 Comments
Interesting question – eh? There is a great amount of passion on both sides of the argument. Beyond the emotion and hype, what’s the reality? After Microsoft followed Java’s lead and adopted an interpreted byte code model (common language runtime) for .NET, our official position has been that in the hands of a skilled developer, [...]
Category: Application Security Tags: Application Security, application security testing tools, Best Practices, Microsoft Security