Stop Online Piracy Act And The Future Of Internet Freedom

| 0 comments

I thought it was time that I sat down and put to paper so to speak my thoughts about the Stop Online Piracy Act (SOPA). For those of you that know me personally know that I am not a fan of SOPA for many of the reasons that other individuals as well as large technology companies have stated. In short SOPA is entirely to vague and leaves the door open for entirely a nanny state which I am sure you agree will kill the Internet freedoms we enjoy today. SOPA “explained” by Guardian Opinion Time I must say that there …

Continue reading

Database Security

| 0 comments

Databases are the core targets for hackers and they can be a source of vengeance when it comes to disgruntle employees.  In this case, the Human Resources (HR) group has requirements to house data that are used across the corporation from management to the level of employees, which requires numerous security considerations. Traditionally access control has been performed at the application level within code however if a database accounts properly for access control the value of this level of control begins to take shape.  The workflow demonstrated in figure 1 provides the needed foundation to address interfaces, enforcement, and access …

Continue reading

WikiLeaks Lessons Learned

| 0 comments

In the end, the distinction that is drawn from WikiLeaks is that this organization in no way resembles traditional or modern day hackers.  In order to back up this assertion it is important to understand the definition of a hacker, which is a person who illegally gains access to and sometimes tampers with information in a computer system. Traditional Hackers While WikiLeaks had been existence for some time, they gained notoriety when a United States (US) service member leaked classified Pentagon documents.  For this reason, I advocate that the term hacker is not relevant.  In fact, it seems the US …

Continue reading

Metasploit: Penetration Testing Tool Of Choice

| 0 comments

Penetration testing is key to security and Metasploit is an easy-to-use penetration testing solution that provides network penetration testing capabilities, backed by the world’s largest fully tested and integrated public database of exploits. Built on feedback from the Metasploit user community, key security experts, and Rapid7 customers, Metasploit Express enables organizations to take the next step forward in security. If you’re running or responsible for any type of IT system that hackers or cyber criminals may want to break into, deface, or bring down for business or pleasure, Metasploit Framework is for you. The tool enables you to carry out …

Continue reading

OWASP Application Security Tutorials

| 1 Comment

Application security encompasses measures taken throughout the application’s life-cycle to prevent exceptions in the security policy of an application or the underlying system through flaws in the design, development, deployment, upgrade, or maintenance of the application.  Applications only control the use of resources granted to them, and not which resources are granted to them. They, in turn, determine the use of these resources by users of the application through application security. Open Web Application Security Project (OWASP) updates on the latest threats which impair web based applications. This aids developers, security testers and architects to focus on better design and …

Continue reading