K. Scott Morrison, CTO and chief architect at Layer 7 Technologies, talks about some of the issues hindering adoption of cloud computing. Also, Wade Baker of Verizon on that firm's new security incident framework.
A brief look at the Pwn2Own hacker contest at the CanSecWest Applied Security Conference in Vancouver, BC. Also Department of Education CISO Phil Loranger on encryption.
From buffer overflows to SQL injection, hackers have many techniques at their disposal to attack Web applications, and new methods constantly emerge. This week’s podcast edition of Threat Monitor highlights one of the tips from this special Web application attack security guide, entitled: Prevent cross-site scripting hacks with tools, testing.
The editorial team recalls the themes and discussions that dominated the 2010 RSA Conference. Federal cybersecurity issues ruled with the debut of White House cybersecurity coordinator Howard Schmidt. Microsoft’s Scott Charney explained the legal action the software giant took to disrupt the Waledac botnet. Also, attendees showed interest in social networking security. In addition, the convergence of cloud computing and identity management was showcased.
Dan Kaminsky of IOActive explains the benefits of DNSSEC and why products and services that use the technology could take off in the next few years. Scott Rose of NIST describes the lessons learned from the deployment across the .gov domain at federal government agencies.
Program links:
Experts see DNSSEC deployments gaining traction
Increased authentication at the DNS layer will block DNS cache poisoning and create new services, experts say. The root zone should be signed and verified by July.
DNSSEC: Has the Time Come?
DNSSEC brings PKI to the Domain Name System and prevents dangerous cache poisoning attacks.
VIDEO - VeriSign on DNSSEC support
Joe Waldron, a product manager in VeriSign’s Naming (DNS) Group, said engineers are testing and upgrading systems to support security extensions for DNS (DNSSEC).
In a recent US-CERT advisory, clientless SSL VPN vulnerabilities were listed as posing serious threats to Web browser security. In this tip, learn possible actions to take for Web browser protection.
Scott Charney, Microsoft’s vice president for Trustworthy Computing, discusses the software giant’s latest legal action to take down the Waledac botnet.
A new type of malware attack, RAM scraper, may pose a serious threat to enterprise security. Learn what a RAM scraper attack is, and how you can defend your organization from this potentially damaging new malware attack.
Chris Wysopal, CTO of Veracode, on code analysis and how the SANS/CWE Top 25 Programming Errors list can be applied effectively by software development groups.
Program links:
SANS releases revised top 25 serious coding errors list
The latest list adds profiles to help organizations tailor the list to their needs and mitigation techniques to help software developers apply better practices to the SDL.
New York drafts language demanding secure code
The state will demand that software makers certify their software does not contain the coding errors listed in the CWE/SANS Top 25 Dangerous Programming Errors.
Listen to the top security experts and learn about the latest cybersecurity research. Whether it’s the spread of malware, the explosion of spam or hackers exploiting flaws to steal sensitive data, this podcast series aims to find the right ways to defend against ongoing attacks to your systems.