So what is the big deal if a few of my corporate PCs are infected with malware? What’s the worst that can happen? In this post I want to cover what can be done with a compromised PC and why it is a big deal. Many Security Managers minimize the importance ...
While managing Operational Risk for a large IT organization, one of my responsibilities was to work with Corporate Operational Risk to define Key Risk Indicators (KRIs). KRIs were monitored at a corporate level. We took the easy route by using canned ...
Ready for one last slick web application penetration test trick? In this installment we'll explore a subtle and often overlooked vulnerability related to web application authentication. In response to the login request containing posted ...
Ready for another cool web application penetration test trick? In this installment we'll cover clickjacking, also known as "UI redressing". Clickjacking is an instance of the classic "confused deputy" problem, and occurs when ...
Performing a web application penetration test is not voodoo magic, but rather an exercise in knowledge, prioritization, and efficiency. During years of hard work penetration testers hone their methodology and develop efficient ways of applying their ...
Information Technology is radically changing. We can wrap it in terms and buzzwords like cloud, mobility, BYOD, Web 3.0, but the reality is both the sum of and more complex than the names we give it. IT is no longer in the hands of the professionals. ...
I need a solution
We are trying to determine the registration date for screen names registered in Symantec IM manager. There doesn't appear to be anything within the Admin/Reviewer ...
In part 1 of this series, we looked at three possible signs you may have been the victim of an APT and how to detect and defend against these activities: 1) Gaps in System and Security Logs; 2) Unexplained Changes in System Configurations; and 3) ...
Symantec security response has posted a write-up about a new Android threat, Android.Claco (also known as SuperClean) that poses new challenges to security teams in a world of BYOD. You can read about the threat here: ...