While investments to secure the enterprise continue to rise, breaches into company systems and data are skyrocketing. These cyber crimes are consistently debilitating organizations operations, reputations and ultimately, viability. Today’s CEOs are demanding aggressive strategies to protect their business. CIOs and CSOs are working together to employ proven Business Software Assurance approaches across the enterprise to stay ahead of constant threats.
This webinar explores 12 of the most common security traps in Java by examining the causes of security failures in modern Java–based applications. Approaching security with an “outside in” style, we look at vulnerabilities from a developer’s perspective, focusing on the source code.
Matt Rose, Senior Software Security Consultant at Fortify Software, shares his findings from a year analyzing millions of lines of code. He unveils his top ten most common vulnerabilities and provides detailed examples of each. These technical examples come from his experience working with fortune 500 companies, government agencies, and major ISVs.
With an extensive background in police, military, government, and industry security, Howard Schmidt explains how to respond to the changing landscape of cyber threats and how business leaders are helping set the standards for application security. He then profiles industry role models who are setting the standard for application security.
This paper explores the role of white box vs. black box testing. White box testing technologies have a definite but limited use and value. From a Web application security perspective it must be understood that significant blind spots come with white box testing. Ultimately white box testing is not sufficient to secure your applications: simply put organizations that rely solely on white box technologies will be exposed to vulnerabilities in their applications, thus making it an ineffectual method of testing real-world risks. This paper will demonstrate black box or dynamic testing is ultimately the appropriate solution for “truly” securing Web applications.
If your company stores or processes credit card information, you must be able to demonstrate compliance with the Payment Card Industry (PCI) Data Security Standards (DSS). These standards include requirements for security management, policies, procedures, network architecture, design, and other critical protective measures. They also include one very prescriptive requirement: Section 6.6 mandates that organizations secure all Web applications by conducting a code review or installing an application layer firewall. Companies have had a very difficult time passing the other parts of Section 6 and they have experienced a rising number of data breaches. Unless companies take 6.6 seriously, PCI compliance failure rates, and data breaches, will continue to grow. Read this whitepaper to gain an overview of best practices to pass Section 6.6 and an understanding of the technology available to you.
Is open source secure? How much business risk is introduced with it? Fortify surveyed the open source community for an answer and revealed that open source projects lack the three essential elements of security: people, process and technology. Read this research to discover what actions can reduce these risks within your organization.
The hacking community has shifted its effort toward a new frontier: the application layer. How are companies responding? Business Software Assurance – the capability to address the problem of application risk within an enterprise. This whitepaper provides an overview of the severity of the problem along with everything needed to develop Business Software Assurance in your organization.
As the military and US government rely more heavily on custom-built applications for communications and management, they also become more vulnerable to cyber attacks. Worse, according to the Dept. of Homeland Security, the number of attacks on custom-built applications is doubling every year. Learn about critical threats, methods that military and civilian agencies can use to deal with cyber attacks and technologies that improve security for custom-built applications.
Politics, Religion and Economics exert enormous influence on decision-making and the integrity of IT programs—and often result in sub-par decisions that open the door to malicious intrusion or attack. Michael Scheidell and his talented technical team know how difficult it can be to create positive change in an organization, even when obvious vulnerabilities exist. When it comes to navigating the executive suite and undocumented layers of the OSI model, the staff at SECNAP® Network Security have the experience to assist IT management in developing effective strategies to successfully drive security improvements. Download This Paper Now…
IBM conducted an in-depth assessment to identify vulnerabilities in New Hanover Health Network's information security practices, with emphasis on their auditing activity and capabilities. This white paper will explain how IBM helped them implement a series of best practices, thereby improving the confidentiality, integrity, and availability of their information systems.
There are many ways to uncover Web application vulnerabilities. This white paper examines a few of these vulnerability detection methods – comparing and contrasting manual penetration testing with automated scanning tools. What you’ll discover is that neither of these methods are an exhaustive method for identifying Web application vulnerabilities.
Assessments are the key tools for uncovering vulnerabilities in your security that may be well hidden. This webinar explains how your organization can gain value and insight from the various types of security assessments that safeguard the confidentiality, integrity and availability of your critical business data.
Connect to this special web event to hear from Forrester Research and HP on how to address key vulnerabilities in the storage network, receive tips and recommendations on selecting and implementing data storage encryption solutions and details on how to achieve centralized key management and data encryption where it matters most.
Published By: Tripwire
Published Date: Apr 28, 2008
Learn more about the security risks and vulnerabilities faced by organizations, and the elements of a proactive security approach. Then find out how Tripwire helps organizations attain and maintain a good security posture using industry-leading configuration assessment and change auditing to harden systems against security breaches, automate compliance with security standards and policies, identify configuration changes, and resolve vulnerabilities.
Published By: Quocirca
Published Date: Apr 09, 2008
Today, many organizations are increasingly reliant on software application development to deliver them competitive edge. Simultaneously, they are progressively opening up their computer networks to business partners, customers and suppliers and making use of next-generation programming languages and computing techniques to provide a richer experience for these users. However, hackers are refocusing their attention on the vulnerabilities and flaws contained in those applications.
Application vulnerabilities and risks must be weighed to identify resources, performance requirements and service level objectives to ensure business continuity. Using real-world case studies, this white paper examines Information Lifecycle Management (ILM) best practices for disaster preparedness.
Today’s targeted malware attacks are infecting unsuspecting businesses at astonishing rates, rendering traditional antivirus solutions ineffective. Reported and known viruses are becoming less important compared to the increase in unknown threats and attacks.
2008 brings with it new challenges and issues that network and systems administrators should be aware of, particularly vulnerabilities brought on by users. This white paper examines the top concerns which network security professionals should be prepared to face in 2008, and how they can be mitigated.
Published By: Solidcore
Published Date: Jan 07, 2008
This IT audit checklist guide includes advice on assessing the effectiveness of change management in a variety of areas. As companies grow more dependent on interdependent IT systems, the risks associated with untested changes in development and production environments have increased proportionately.
Published By: Solidcore
Published Date: Jan 07, 2008
Identifying critical change control failure points in your infrastructure can help reduce the threat of costly downtime, potential security breaches, and compliance weaknesses. Read this paper for guidelines on how to identify and categorize systems that have characteristics which heighten risk.
Published By: Blue Lane
Published Date: Jan 07, 2008
Quantros’ business—an ASP for the health care industry—requires a secure network and maximal uptime—all with a small IT department and a small budget. Quantros was challenged to implement and enforce sound security policies and to keep up with the continuous stream of vendor patches.
Enabling IT equipment vendors to perform remote service on your data centers helps maximize uptime and lower TCO—but at what risk? Dial-up modems and VPNs introduce security vulnerabilities and lack sufficient auditing capabilities—making it virtually impossible to track external access and maintain data center security. Download this white paper to learn how you can manage security risks, lower service-related costs, achieve regulatory and internal compliance, and more.