Monthly Archives: November 2010

Native Mobile Application Development and Security Risk Management

Posted on by John Abraham in Main

Developing native mobile applications, as opposed to HTML5-based apps, adds complexity to mobile application security management. Peter Yared from Webtrends Apps recently posted an insightful blog entry in which he points out that developing native applications for each mobile platform (e.g. iPhone, Android, Windows Mobile, Blackberry, SymbianOS, WebOS) is not practical because the development and maintenance cost grows with each platform-specific app deployed. Not only is Peter’s view very practical from a cost and maintenance perspective, it also has significant …

Thoughts on Stuxnet, Iran and the Future of Information Warfare

Posted on by David Shaw in Main

Many claim that Stuxnet will usher in a new kind of ‘cyber war’. Stuxnet does introduce a previously unexplored area of attacking power facilities via USB stick; however, vulnerabilities in these systems (theoretically accessible to foreign hackers) are not new at all. SCADA systems that control the United States power grid have been widely declared vulnerable to hackers for several years. These systems could theoretically be attacked at any time, but because these attempts are not packaged in an accessible piece …

Presenting nbesort.rb: An Easy Way to Sort Nessus Results by Finding

Posted on by David Shaw in Main

No self-respecting security engineer will tell you that they rely on automated vulnerability scanners to do the bulk of their analysis. Juicy findings that demonstrate the severity of the threat they represent usually come from thorough manual analysis. As a security engineer, it is this manual analysis of software that I live for, and it is by far my favorite part of testing. However, this is not to say that vulnerability scanners do not play an important role: without …

Getting Started on a Mobile Device Security Policy

Posted on by John Abraham in Main

How do we manage security when our users are integrating smart phones and other mobile devices into the workplace? This is a question we hear more and more from our customers as their employees buy mobile devices such as iPads, iPhones, Blackberries, and Android-driven products. The rising tide of these devices is impossible to stop, and they have become ubiquitous in a short period of time. This leaves IT departments and security teams trying to figure …

Cyber War and Information Security

Posted on by John Reno in Main

There have been quite a few headlines recently regarding various aspects of cyber war. A number of folks in the information security community have contributed to the discussion. I happen to like the comments from Ben Tomhave and Richard Bejtlich. There is an interesting crossover between the military domain and the commercial world. In the military sector one often thinks that victory is all about killing more of the other guys. But this raises some questions – who are the …