The FTC recently released a document to help companies learn from others' security mistakes. The document titled Start with Security: A Guide for Business. It provides ten (10) different security lessons learned by other companies, included below: Start with security. Control access to data sensibly. Require secure passwords and authentication. Store sensitive personal information securely and protect it during transmission. Segment your network and monitor who's trying to get in and … [Read more...] about The FTC’s “Start with Security: A Guide for Business” Document
security awareness
Tips for Protecting Credit Card Information
Turn on the news and you will see a breach announced for some company. It is happening all the time. In most cases we, as consumers, accept the risk for the convenience of using a credit card for purchases. While there isn't much you can do to protect your information once you have given it to a business, there are some things you can do to help reduce your risk while shopping online. Scan for Malware Most of our online purchases happen from our own computer indicating that this is where we … [Read more...] about Tips for Protecting Credit Card Information
What is a Penetration Test
You spend all day looking at requirements, creating functionality and doing some testing of the code you just created. You have been working for months on this application making sure it worked as expected. The testers have been diligently working to ensure that the requirements have been fulfilled and the application will work as expected and allow the end users the capability to solve a specific set of tasks. Then it happens... You find out that a penetration test is coming. … [Read more...] about What is a Penetration Test
Amazon XSS: Thoughts and Takeaways
It was recently identified, and Amazon was quick (2 days) to fix it, that one of their sites was vulnerable to cross-site scripting. Cross-site scripting is a vulnerability that allows an attacker to control the output in the user's browser. A more detailed look into cross-site scripting can be found on the OWASP site. Take-Aways QA could have found this Understand your input validation routines Check to make sure the proper output encoding is in place in every location user supplied … [Read more...] about Amazon XSS: Thoughts and Takeaways
3rd Party CMS Security
One of the easiest ways to get content available on the Internet is to use a 3rd party content management system (CMS). These systems vary and are usually fairly simple to set up. There is no requirement for any technical knowledge and you can have content up and available within minutes in some cases. No need for that pesky HTML coding or web site management. One of the most common CMS platforms is WordPress (https://wordpress.com). Of course there are many other systems available, but it … [Read more...] about 3rd Party CMS Security
Black Lists and White Lists: Overview
I came across an interesting post on twitter the other day (https://twitter.com/suffert/status/567486188383379456) that depicts a sidewalk with a sign indicating what wasn't allowed on the sidewalk. You have seen these before: NO bicycles, skateboards, rollerblades, roller skates, scooters. In the information technology sector, this is known as a black list; a list that defines what is NOT allowed or permitted. You can see black lists all over the place, input validation, output encoding, … [Read more...] about Black Lists and White Lists: Overview