DefendTheApp.com is now live. This site provides a fully functioning demonstration application that has implemented an AppSensor detection and response capability. The site also provides easy links to all relevant AppSensor information. Not familiar...
Topics: information security

{"title":"DefendTheApp - An OWASP AppSensor Project","post_url":"http:\/\/www.shortinfosec.net\/2009\/12\/defendtheapp-owasp-appsensor-project.html","feed_url":"http:\/\/www.shortinfosec.net\/feeds\/posts\/default?alt=rss","author":"mybloglog94899963db8c8ad6b57a","date":"2009-12-15 11:21:00","summary":"DefendTheApp.com is now live. This site provides a fully functioning demonstration application that has implemented an AppSensor detection and response capability. The site also provides easy links to all relevant AppSensor information. Not familiar..."}

Security of biometric ID's like biometric passports is a very frequent topic of discussion and we all know there are issues. But most of those issues are related to encryption, materials and generally anything that requires a lot of technical...
Topics: information security, penetration testing, privacy

{"title":"A Simplified Analysis - Can you Forge a Biometric ID?","post_url":"http:\/\/www.shortinfosec.net\/2009\/11\/simplified-analysis-can-you-forge.html","feed_url":"http:\/\/www.shortinfosec.net\/feeds\/posts\/default?alt=rss","author":"mybloglog94899963db8c8ad6b57a","date":"2009-12-13 23:45:00","summary":"Security of biometric ID's like biometric passports is a very frequent topic of discussion and we all know there are issues. But most of those issues are related to encryption, materials and generally anything that requires a lot of technical..."}

Eric Schmidt said in a CNBC special recently that “If you have something that you don’t want anyone to know, maybe you shouldn ’t be doing it in the first place!” And yet the reaction to this flagrant ignorance of basic privacy is met with mixed..
Topics: information security, privacy

{"title":"Privacy Ignorance - Was Eric Schmidt thinking?","post_url":"http:\/\/www.shortinfosec.net\/2009\/12\/privacy-ignorance-should-eric-schmidt.html","feed_url":"http:\/\/www.shortinfosec.net\/feeds\/posts\/default?alt=rss","author":"mybloglog94899963db8c8ad6b57a","date":"2009-12-12 13:02:00","summary":"Eric Schmidt said in a CNBC special recently that \u201cIf you have something that you don\u2019t want anyone to know, maybe you shouldn \u2019t be doing it in the first place!\u201d And yet the reaction to this flagrant ignorance of basic privacy is met with mixed.."}

Vulnerability and Compliance Management as Software as a Service (SaaS) are springing up like mushrooms. The SaaS model enabled companies which focused on vulnerability management to extend their reach, and offer the services to more and more potential...
Topics: information security, Network security

{"title":"Vulnerability Management from the Cloud - Overview of the services","post_url":"http:\/\/www.shortinfosec.net\/2009\/12\/managed-vulnerability-management.html","feed_url":"http:\/\/www.shortinfosec.net\/feeds\/posts\/default?alt=rss","author":"mybloglog94899963db8c8ad6b57a","date":"2009-12-09 11:27:00","summary":"Vulnerability and Compliance Management as Software as a Service (SaaS) are springing up like mushrooms. The SaaS model enabled companies which focused on vulnerability management to extend their reach, and offer the services to more and more potential..."}

If you are using any sort of IP based filtering within your application, then you need to evaluate how IP spoofing attacks affect your security controls. In order to make a fair evaluation you will need a basic understanding of IP spoofing attacks....
Topics: information security, Network security, penetration testing

{"title":"Summary of IP Spoofing","post_url":"http:\/\/www.shortinfosec.net\/2009\/12\/summary-of-ip-spoofing.html","feed_url":"http:\/\/www.shortinfosec.net\/feeds\/posts\/default?alt=rss","author":"mybloglog94899963db8c8ad6b57a","date":"2009-12-09 10:21:00","summary":"If you are using any sort of IP based filtering within your application, then you need to evaluate how IP spoofing attacks affect your security controls. In order to make a fair evaluation you will need a basic understanding of IP spoofing attacks...."}