Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms


Image via the Shodan Blog [https://shodanio.wordpress.com/]

Alert the Media: Shodan's New Webapp Deployed

February 05, 2015 by Marc Handelman in All is Information, Alternate Attack Analysis, DevOps, Engineers, Information Security, Intelligence, Network Security, Hardware Security

Gotta appreciate those folks at Shodan. Their latest creation is a webapp that permits easy data browsing and, along with their API, serves as a deep-dive tool for quick yet focused analysis. Outstanding work!


XKCD, Move Fast and Break Things

October 08, 2014 by Marc Handelman in DevOps, Humor, Sarcasm, XKCD

via Randall Munroe, at XKCD.


Parallel Paths, Security and DevOps

September 11, 2014 by Marc Handelman in DevOps, Information Security, All is Information

 


Well-crafted screed, via RSA Security blogger Tony Bradley, detailing the necessity of coexistence...



Pwnd

August 11, 2014 by Marc Handelman in SSL / TLS, Intelligence, Network Security, Blatant Stupidity, Malware, Physical Security, All is Information, DevOps, Cryptography, Security Prophylaxis, Sarcasm, Humor, Information Security


 

Today's Black Hat Las Vegas 2014 news brings the annual security confab's bestowment of the Pwnie Awards; so, without further ado, examine Sophos' take on the award. So apropos.


Proactive OWASP

August 04, 2014 by Marc Handelman in All is Information, Application Security, Data Security, DevOps, Information Security, Web Security

OWASP has released its 2014 Top Ten Proactive Controls for Developers, in both PDF and HTML formats. Outstanding news.

  • OWASP-C1: Parameterize Queries
  • OWASP-C2: Encode Data
  • OWASP-C3: Validate All Inputs
  • OWASP-C4: Implement Appropriate Access Controls
  • OWASP-C5: Establish Identity and Authentication Controls
  • OWASP-C6: Protect Data and Privacy
  • OWASP-C7: Implement Logging, Error Handling and Intrusion Detection
  • OWASP-C8: Leverage Security Features of Frameworks and Security Libraries
  • OWASP-C9: Include Security-Specific Requirements
  • OWASP-C10: Design and Architect Security In

SecDevOps, The Change

May 14, 2014 by Marc Handelman in Data Security, Application Security, Information Security, SecDevOps, DevOps

In a tour-de-force example of Security Automation, those crazy kids at DevOps have produced a model for enterprise implementation. You'll be well served, I reckon, in taking the time to read their vision of an automated firewall modification.

A Workflow by any other name, would smell as sweet...
