An application typically has multiple environments from development through to full production. It is rare to find an application that doesn't use some form of data. Some applications may use just a little data with a very simple database, while others may have very complex database schemas with a lot of data. Developers usually load just enough data to test the features/functions being implemented in the current iteration. Production systems contain actual customer information which may be … [Read more...] about Tips for Securing Test Data (Scrubbing?)
Tips for Securing Test Servers/Devices on a Network
How many times have you wanted to see how something worked, or it looked really cool, so you stood up an instance on your network? You are trying out Jenkins, or you stood up a new Tomcat server for some internal testing. Do you practice good security procedures on these systems? Do you set strong passwords? Do you apply updates? These devices or applications are often overlooked by the person that stood them up, and probably unknown to the security team. It may seem as though these systems … [Read more...] about Tips for Securing Test Servers/Devices on a Network
Disabling Paste for Passwords?
Passwords, while a simple concept, are one of the most complex issues in security. A majority of user authenticated systems rely on a password to verify the end user. Over the years we have seen many different recommendations for strong passwords. I have talked about this subject many times. The complexity, while difficult to define, has gotten more difficult over time. At first, it was 8 characters with upper, lower case characters and a number or special character. The focus has … [Read more...] about Disabling Paste for Passwords?
The FTC’s “Start with Security: A Guide for Business” Document
The FTC recently released a document to help companies learn from others' security mistakes. The document titled Start with Security: A Guide for Business. It provides ten (10) different security lessons learned by other companies, included below: Start with security. Control access to data sensibly. Require secure passwords and authentication. Store sensitive personal information securely and protect it during transmission. Segment your network and monitor who's trying to get in and … [Read more...] about The FTC’s “Start with Security: A Guide for Business” Document
Tips for Protecting Credit Card Information
Turn on the news and you will see a breach announced for some company. It is happening all the time. In most cases we, as consumers, accept the risk for the convenience of using a credit card for purchases. While there isn't much you can do to protect your information once you have given it to a business, there are some things you can do to help reduce your risk while shopping online. Scan for Malware Most of our online purchases happen from our own computer indicating that this is where we … [Read more...] about Tips for Protecting Credit Card Information
What is a Penetration Test
You spend all day looking at requirements, creating functionality and doing some testing of the code you just created. You have been working for months on this application making sure it worked as expected. The testers have been diligently working to ensure that the requirements have been fulfilled and the application will work as expected and allow the end users the capability to solve a specific set of tasks. Then it happens... You find out that a penetration test is coming. … [Read more...] about What is a Penetration Test