Database Security

Databases are the core targets for hackers and they can be a source of vengeance when it comes to disgruntled employees. In this case, the Human Resources (HR) group has requirements to house data that are used across the corporation, from management to the level of employees, which requires numerous security considerations. Traditionally, access control has been performed at the application level within code; however, if a database accounts properly for access control, the value of this level of control begins to take shape. The workflow demonstrated in figure 1 provides the needed foundation to address interfaces, enforcement, and access …

WikiLeaks Lessons Learned

In the end, the distinction that is drawn from WikiLeaks is that this organization in no way resembles traditional or modern-day hackers. In order to back up this assertion, it is important to understand the definition of a hacker, which is a person who illegally gains access to and sometimes tampers with information in a computer system.

Traditional Hackers

While WikiLeaks had been in existence for some time, they gained notoriety when a United States (US) service member leaked classified Pentagon documents. For this reason, I advocate that the term hacker is not relevant. In fact, it seems the US …

Metasploit: Penetration Testing Tool Of Choice

Penetration testing is key to security and Metasploit is an easy-to-use penetration testing solution that provides network penetration testing capabilities, backed by the world’s largest fully tested and integrated public database of exploits. Built on feedback from the Metasploit user community, key security experts, and Rapid7 customers, Metasploit Express enables organizations to take the next step forward in security. If you’re running or responsible for any type of IT system that hackers or cyber criminals may want to break into, deface, or bring down for business or pleasure, Metasploit Framework is for you. The tool enables you to carry out …

OWASP Application Security Tutorials

Application security encompasses measures taken throughout the application’s life-cycle to prevent exceptions in the security policy of an application or the underlying system through flaws in the design, development, deployment, upgrade, or maintenance of the application. Applications only control the use of resources granted to them, and not which resources are granted to them. They, in turn, determine the use of these resources by users of the application through application security. The Open Web Application Security Project (OWASP) publishes updates on the latest threats which impair web-based applications. This helps developers, security testers and architects to focus on better design and …

Diskeeper 2011 Product Contest

If you recall my Product Review: Diskeeper 2010 from the past, it is worth stating that the Diskeeper Corporation has revealed the near-future release of Diskeeper 2011, which brings a number of great features to the table that go a long way in assisting you in keeping those fragmented hard drives under control. The fine folks at the Diskeeper Corporation have graciously provided three FREE licenses of Diskeeper 2011 Home; just continue reading for details on how to win. Diskeeper has always been the de facto standard for tooling surrounding fragmentation in my book and while there are a number …