- Software [In]security: vBSIMM (BSIMM for Vendors)
- Apr 12, 2011
- How do you ensure that your third-party software vendors practice good software security? Software security expert Gary McGraw explains how the Building Security In Maturity Model can play a central role in this effort.
|
- PKI Processes and Procedures
- Apr 1, 2011
- Several processes must work together for a PKI deployment to function smoothly. This chapter covers enrollment, certificate expiration and renewal, certificate verification and enforcement, and PKI resiliency.
|
- Software [In]security: Modern Malware
- Mar 22, 2011
- Software security expert and author Gary McGraw looks at where malware is heading — and what we should do about it.
|
- As the Worm Turns: The Stuxnet Legacy
- Mar 14, 2011
- In his ongoing series about the intersections of technology and society, Larry Constantine (an interaction designer specializing in safety-critical applications) discusses the history of the malware known as Stuxnet and offers suggestions on how it can be stopped.
|
- Secure Your Windows 7 System Now!
- Mar 9, 2011
- John Traenkenschuh presents three simple tasks to help you secure your Windows 7 system: create backups, consider optional security software, and control the interfaces to the system.
|
- Software [In]security: Software Patents and Fault Injection
- Feb 28, 2011
- Gary McGraw explains how another party may get a patent on a technique he had a hand in inventing.
|
- Secure Your Android™ Phone Now!
- Feb 23, 2011
- John Traenkenschuh reviews eight simple tools and techniques you can try to secure your service, your information, and more on your Android phone.
|
- Firesheep, Fireshepherd, and Facebook: Understanding Session Hijacking
- Feb 22, 2011
- Mike Chapple shows how cookie-based web authentication over unencrypted HTTP makes session hijacking possible, how Firesheep exploits that weakness, and the measures that website administrators, web developers, and end users can take to protect against session hijacking attacks.
|
- Encryption 101: Keys, Algorithms and You
- Feb 15, 2011
- Mike Chapple shows how to protect confidential information via encryption, and teaches the basics when it comes to selecting an encryption technology.
|
- Cisco Secure Access Control System (ACS) 5.2 and User Change Password (UCP)
- Feb 14, 2011
- This article teaches you how to use the User Change Password (UCP) service in Cisco ACS to allow users defined in the ACS internal database to first authenticate themselves and then change their own password.
|
- Q&A with the Authors of "AAA Identity Management Security"
- Feb 7, 2011
- The authors of AAA Identity Management Security discuss the book and its features.
|
- Cisco AAA Identity Management Security: Getting Familiar with ACS 5.1
- Feb 2, 2011
- ACS 5.1 has a completely different user interface from ACS 4.2. This chapter walks you through the GUI so that you know where the different functions are located.
|
- Software [In]security: Comparing Apples, Oranges, and Aardvarks (or, All Static Analysis Tools Are Not Created Equal)
- Jan 31, 2011
- Security expert Gary McGraw discusses the static analysis tools market and the pitfalls of product comparisons, and offers his recommendation for making the best choice.
|
- Software [In]security: Driving Efficiency and Effectiveness in Software Security
- Dec 29, 2010
- Gary McGraw explains how the 32 firms in the BSIMM study determine the proper mix of security initiatives to maximize efficiency and effectiveness of their security programs.
|
- Computer Incident Response and Product Security: Operating an Incident Response Team
- Dec 17, 2010
- This chapter covers aspects of running an incident response team (IRT), such as team size, team member profiles, cooperating with other groups, preparing for incidents, and measuring success.
|
- Information Security Bookshelf: Part 2 (2011 Edition)
- Dec 13, 2010
- In this second part of a two-part series on information security books, Ed Tittel compiles a collection of pointers to useful and informative books on information security.
|
- Information Security Bookshelf: Part 1 (2011 Edition)
- Dec 6, 2010
- In this first part of a two-part series on information security books, Ed Tittel compiles a collection of pointers to useful and informative books on information security.
|
- Cisco Unified Wireless LAN Security Fundamentals
- Dec 3, 2010
- This chapter discusses the fundamentals of wireless LAN security in the context of the Cisco Unified Wireless Network (CUWN).
|
- Software [In]security: Cyber Warmongering and Influence Peddling
- Nov 24, 2010
- Gary McGraw & Ivan Arce explain how the current climate of exaggeration and FUD surrounding cyber attacks does not ultimately serve the best interests of computer security research — or our country.
|
- Software [In]security: Technology Transfer
- Oct 26, 2010
- Gary McGraw discusses the evolution of a source code scanning tool from research project to commercial product and details the technology transfer that made it happen.
|