By channeling the spirit of Sherlock Holmes and Hercule Poirot, we’ll explore
how to learn from failure, improve pattern recognition of security quality,
and detect possible security vulnerabilities.
Just as a detective studies a crime scene for clues, we will follow a
methodical approach to investigating and solving the Top 11 API Threats.
Our basic process is as follows:
1. Understand the context in which APIs exist
2. Look for clues that point to possible vulnerabilities
3. Catalog the tools used to identify and track vulnerabilities
4. Identify countermeasures to fix vulnerabilities
5. Provide evidence that can measure the efficacy of the countermeasures
Ovum Study: How to Reduce the Risk of Data Leaks
As part of a study by analysts at Ovum, hundreds of IT decision-makers worldwide were surveyed on how effectively data flows are managed in their organizations.
Here are some of the findings:
· 23% of respondents failed a security audit within the last three years.
· 17% were unsure whether they could pass such an audit using their existing FTP solutions.
· 4% of FTP-based file transfers fail – at the same time b ...
The Cylance 2017 Threat Report offers valuable analysis on the current state of cybersecurity. The information provided in the report is unavailable anywhere else. This Cylance® study includes research and information drawn from internal data and feedback provided by Cylance customers. The report offers considerable insights into recent threat trends and related security issues.
Some key findings of this report merit further discussion. These conversations represent an opportunity to dig deeper into the implications of current security stra ...
By focusing on frequent code integration, automated testing, and keeping
the mainline code version in a state that is deployable to production at any
time, CI/CD aims to eliminate the risks and friction of traditional waterfall
software development. Add to that the practice of continuous deployment
and you can move to a situation where the latest and greatest software version
is not just always ready to be deployed—it’s deployed on a frequent basis. ...
The information security field is economically inefficient. This is both good and bad. Bad, because it means billions of dollars are squandered on solutions which offer their buyers sub-optimal returns. Good, because the opportunities exist to operate more efficiently and thereby improve the quality of life for everyone.
This paper will examine how we know economic inefficiencies exist and why the industry seems unwilling to address them. By understanding these issues, companies will be better able to select effective IT security solutions tha ...
MITRE ATT&CK is an open framework and knowledge base of adversary tactics and techniques based on real-world observations. ATT&CK provides a common taxonomy of the tactical objectives of adversaries and their methods. Having a taxonomy by itself has many valuable uses, such as providing a common vocabulary for exchanging information with others in the security community. But it also serves as a real technical framework for classifying your current detection efforts and identifying gaps where you are blind to certain types of attack beh ...
Passwords have long been a challenge for cybersecurity in the workplace....