How many times have you wanted to see how something worked, or it looked really cool, so you stood up an instance on your network? You are trying out Jenkins, or you stood up a new Tomcat server for some internal testing. Do you practice good security procedures on these systems? Do you set strong passwords? Do you apply updates? These devices or applications are often overlooked by the person that stood them up, and probably unknown to the security team. It may seem as though these systems … [Read more...] about Tips for Securing Test Servers/Devices on a Network
Passwords, while a simple concept, are one of the most complex issues in security. A majority of user authenticated systems rely on a password to verify the end user. Over the years we have seen many different recommendations for strong passwords. I have talked about this subject many times. The complexity, while difficult to define, has gotten more difficult over time. At first, it was 8 characters with upper, lower case characters and a number or special character. The focus has … [Read more...] about Disabling Paste for Passwords?
The FTC recently released a document to help companies learn from others' security mistakes. The document titled Start with Security: A Guide for Business. It provides ten (10) different security lessons learned by other companies, included below: Start with security. Control access to data sensibly. Require secure passwords and authentication. Store sensitive personal information securely and protect it during transmission. Segment your network and monitor who's trying to get in and … [Read more...] about The FTC’s “Start with Security: A Guide for Business” Document
Turn on the news and you will see a breach announced for some company. It is happening all the time. In most cases we, as consumers, accept the risk for the convenience of using a credit card for purchases. While there isn't much you can do to protect your information once you have given it to a business, there are some things you can do to help reduce your risk while shopping online. Scan for Malware Most of our online purchases happen from our own computer indicating that this is where we … [Read more...] about Tips for Protecting Credit Card Information
You spend all day looking at requirements, creating functionality and doing some testing of the code you just created. You have been working for months on this application making sure it worked as expected. The testers have been diligently working to ensure that the requirements have been fulfilled and the application will work as expected and allow the end users the capability to solve a specific set of tasks. Then it happens... You find out that a penetration test is coming. … [Read more...] about What is a Penetration Test
Application security should be on the mind of anyone that is part of the application design/build process. That means architects, developers, application owners, QA testers, business analysts and even end users. Everyone of these positions plays a role in the security of the applications. Depending on the organization, the roles can be quite different. You must understand the roles of these positions from a development perspective to really understand how they fit into the security aspect … [Read more...] about SDLC: Understanding your Roles