Subscribe: Blog
Added By: Feedage Forager Feedage Grade B rated
Language: English
application  article  management  owasp top  owasp  risk management  risk  security  student  top  vulnerabilities  web application  web  xss 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: Blog Blog

Information Security Management for Business Managers

Last Build Date: Mon, 19 Feb 2007 16:08:58 +0000


Use risk management for reasonable information asset protection

Mon, 19 Feb 2007 16:08:58 +0000

Selecting the right security controls can be a daunting task.  By applying the principles of risk management, however, security managers can meet the challenge with confidence.  Read the article

Holy Toledo! The iPod did it!

Sat, 17 Feb 2007 19:43:40 +0000

Unbelievable.  It’s even more unbelievable because I live near the community of Oregon, Ohio where a police detective called a student’s iPod a “criminal tool”.  In an article in the Toledo Blade,  Robin Erb describes an incident in which a former Clay High School student was charged with a felony for accessing school employee and student records.  [...]

Calling endusers stupid isn’t helpful

Sat, 17 Feb 2007 19:00:01 +0000

I was reading a Tim Wilson article at Dark Reading this morning in which he asked the question, “So are users hopeless?  Are they inherently brainless and/or evil?”  My first reaction to the question was raucous laughter.  When I finally regained my senses, I read the rest of the article in which Wilson makes a lot [...]


Fri, 16 Feb 2007 16:03:21 +0000

Yes, the title is in all caps.  Yes, I’ll yelling as loudly as I can.  In a recent column at, Bill Brenner reiterates the dangers of using Telnet over connections that are not secure.  The principle problem is that Telnet communicates user IDs and passwords in clear text between workstation and server.  Secure Shell [...]

Reflections on Vista security

Fri, 16 Feb 2007 15:54:07 +0000

In a recent blog entry at, Joanna posted her comments on Vista UAC and integrity levels after having used the OS for more than a month.  Interesting reading.

Scan AJAX for XSS entry points

Fri, 16 Feb 2007 15:28:49 +0000

Cross site scripting (XSS) is a big problem in web application environments.  In fact, the 2007 OWASP Top Ten list of web application vulnerabilities has XSS at #1.  In a recent paper, Shreeraj Shah, founder of Net Square, describes in detail the process for protecting applications developed using the AJAX framework.  It also includes scripts [...]

Transfer risk when mitigation costs are too high

Fri, 16 Feb 2007 15:15:19 +0000

According to security best practices, there are four things you can do when risk to an information asset is identified and business impact assessed.  You can reject/ignore the risk.  This is not a smart move in most cases.  You can mitigate the risk to an acceptable level.  You can accept the risk.  And finally, you [...]

Lock it down: Use the revised OWASP Top Ten to secure your Web applications — Part 1

Thu, 15 Feb 2007 20:06:21 +0000

For the first time since 2004, the Open Web Application Security Project (OWASP) is updating its Top 10 Vulnerabilities list. As a supplement to an previously published article on the 2004 OWASP Top 10, this is the second in a series of articles in which I explore the 10 vulnerabilities the OWASP believes present the [...]

Personal, gratuitous post…

Thu, 15 Feb 2007 18:49:38 +0000

______________________________________________________ Check out my book, Just Enough Security, at Additional security management resources are available at My podcasts –> Free security training –> _______________________________________________________

Soft versus hard security

Thu, 15 Feb 2007 18:44:19 +0000

In this Geekzone article, Darryl Burling ponders the value of putting risk management on the user.  I don’t know about you, but relying on users to protect data, even their own, is typically a losing proposition.  Read the artcle and you decide.