July 27th, 2010
June 18th, 2010
Web Application Exploits and Defenses
A Codelab by Bruce Leban, Mugdha Bendre, and Parisa Tabriz
This codelab shows how web application vulnerabilities can be exploited and how to defend against these attacks. The best way to learn things is by doing, so you’ll get a chance to do some real penetration testing, actually exploiting a real application.
April 20th, 2010
New details on Google attack
February 20th, 2010
February 6th, 2010
November 24th, 2009
November 24th, 2009
The European Network and Information Security Agency (ENISA) identified 35 key security risks of cloud computing. Supported by a group of subject matter experts comprising representatives from industry, academia and governmental organizations, ENISA has conducted a risk assessment of the cloud computing business model and technologies. The report also provides a set of practical recommendations.
September 17th, 2009
Foote Partners LLC released an updated report on trends in IT skills, certifications, and pay. “[… the] trends survey research indicates that the recession has had only a minimal impact on demand for critical IT skills in the areas such as architecture, business process, information security, communications, e-commerce and several ERP and infrastructure specializations”. Click here to download a free copy of the 2009 IT Skills Trends Report Update.
July 21st, 2009
PCI Security Standards Council issues guidance and installation suggestions for testing and deploying 802.11 Wireless Local Area Networks.
July 9th, 2009
This is nothing new. I already blogged about covert channels and how publicly available data can be used to accurately guess personal information.
[…]Using only publicly available information, we observed a correlation between individuals’ SSNs and their birth data […] The inferences are made possible by the public availability of the Social Security Administration’s Death Master File and the widespread accessibility of personal information from multiple sources, […] results highlight the unexpected privacy consequences of the complex interactions among multiple data sources in modern information economies […]