Browsing Author: George Hulme

Q&A: Database Security Expert David Litchfield

With all of the talk around the importance of web and application security, why is there so little focus on the corporate databases, which store the most valuable data? Last week, at the annual Computer Enterprise and Investigations Conference, Threatpost had the opportunity to sit down with noted security and database expert David Litchfield to find out. During his career, Litchfield has uncovered hundreds of vulnerabilities in software from IBM, Microsoft, and Oracle. He’s perhaps best known for his database security research.

Making an Application Security Program Succeed, Part Two

“Failure is only the opportunity to begin again, only this time more wisely,” is a quote attributed to legendary automaker Henry Ford. While it seemingly has nothing to do with secure application development, all you need to do is talk to a handful of enterprises who have tried to implement a secure development lifecycle – and you’ll certainly see how it applies.

Making An Application Security Program Succeed

After winning the attention, and hopefully the backing, of executives, as we covered in The Challenge of Starting an Application Security Program, it becomes much more straightforward to win the funding for the right tools, services, and training needed for secure application development.

In Application Security, Good Enough Isn’t

SAN FRANCISCO–There’s the old joke about two hunters running from a lion. One hunter says to the other, “We can’t outrun the lion.” His buddy replies, “I don’t have to outrun the lion, I only have to outrun you.” Many, over the years, have applied the same logic to application security: If their software is ‘secure enough’ attackers will move on to easier targets.

After The Hack: Tips For Working With Local Law Enforcement

SAN FRANCISCO–If you are in business long enough, you’re going to get hacked and you’re going to have to call the cops. Maybe you’ll need their help finding the perpetrators of a crime in which your business was victimized. Maybe employees will have committed a crime involving IT, or maybe you’ll simply be asked to help investigate a crime committed against someone else. The fact is: your business will engage with law enforcement at some point, and you had better be prepared. Sadly, few businesses today are.

How to Respond to a Data Breach

Categories: Data Breaches

You’ve been robbed. Maybe you don’t know to what extent. Perhaps the crook simply took the opportunity to snag a notebook sitting in the back of a car and doesn’t care about the data. Perchance it was a planned burglary and now a competitor or political activist group has gigabytes of potentially embarrassing emails from one of your top executives. Maybe attackers grabbed sensitive medical files and are now extorting you: pay up or the files are released publicly.

Securing Your Security Budget: A Failure To Communicate

With increasingly sophisticated exploits and well-informed adversaries targeting systems and data – fighting for more security budget is essential. Too bad, then, that management doesn’t always agree.

2011: What’s Your IT Security Plan?

A gusher of Web application vulnerabilities, malicious insiders and sophisticated malware threaten networks and data. To keep your systems reasonably secure, what will your security focus be during the year ahead?
