Et Cetera

Wed 09 Sep

Vulnerability Management

Contributed by Joseph Johann

With the proliferation of new attack vectors comes the need to identify security vulnerabilities, rate them, and patch them as quickly as possible. This requires a systematic approach to managing the process. In this paper I will define the industry standards for vulnerability management. This includes the methods for identifying vulnerabilities and classifying their risks, as well as the individuals involved in the process. I will also define the steps involved in performing a vulnerability assessment and some tools that can facilitate the process. Furthermore, I will discuss sources of current vulnerability information and steps that can be taken to protect assets when a patch is not currently available. Finally, I will discuss industry regulations that require organizations to have vulnerability assessments performed on a regular basis.

Tue 08 Sep

Best Practices for Hiring Penetration Testing Services

Contributed by Nathan W. Dickens

Tue 08 Sep

Hitchhiker's World Issue #10

Contributed by Hitch

Hitchhiker's World is an old blog created by an old ISW founding partner and friend. He sought out the most intriguing topics and revealed them here every month. While these are old topics and articles, they are still a top hit on ISW today. Some of the contents from this blog include: Some Thoughts on RFID Technology, DNS Name Prediction with Google, and Distributed Honeypots!

This 2005 blog can be found here. To view it click here.

Tue 08 Sep

The Emerging Trend of Wearable Technological Devices

Contributed by Brian Kyle Marek

Wearable technology is a growing trend in the fitness market. The technology used in this emerging field has led to the wearable technology industry expanding into multiple sectors. While the current market for such devices is focused primarily on fitness, there is potential for significant growth and development in other areas, including the medical and business worlds.

This document is in PDF format. To view it click here.

Tue 08 Sep

Assessing Java Clients with the BeanShell

Contributed by Stephen de Vries

Assessing the security of Java applications, and particularly client-server applications, can be a tedious cycle of modifying the code, compiling, deploying, testing and repeating. This becomes even more difficult when the source code to the application is not available. What we require is an easy means of interacting with the internals of an application during execution without recompiling the code.

Enter the BeanShell (http://www.beanshell.org), which provides an interpreted scripting environment that can plug in to any Java application or applet and allows users to inspect and manipulate objects dynamically. This paper demonstrates a technique for using the BeanShell to assess the security of a typical Java client-server application.

This document is in PDF format. To view it click here.
