George Hulme

Q&A: Database Security Expert David Litchfield

With all of the talk around the importance of web and application security, why is there so little focus on the corporate databases, which store the most valuable data? Last week, at the annual Computer Enterprise and Investigations Conference, Threatpost had the opportunity to sit down with noted security and database expert David Litchfield to find out. During his career, Litchfield has uncovered hundreds of vulnerabilities in software from IBM, Microsoft, and Oracle. He’s perhaps best known for his database security research.

Making an Application Security Program Succeed, Part Two

“Failure is only the opportunity to begin again, only this time more wisely,” is a quote attributed to legendary automaker Henry Ford. While it seemingly has nothing to do with secure application development, all you need to do is talk to a handful of enterprises who have tried to implement a secure development lifecycle – and you’ll certainly see how it applies.

Making An Application Security Program Succeed

After winning the attention, and hopefully the backing, of executives, as we covered in The Challenge of Starting an Application Security Program, it becomes much more straightforward to win the funding needed for the right tools, services, and training for secure application development.

SAN FRANCISCO–There’s the old joke about two hunters running from a lion. One says to the other, “We can’t outrun the lion.” His buddy replies, “I don’t have to outrun the lion, I only have to outrun you.” Many, over the years, have applied the same logic to application security: if their software is ‘secure enough,’ attackers will move on to easier targets.

SAN FRANCISCO–If you are in business long enough, you’re going to get hacked and you’re going to have to call the cops. Maybe you’ll need their help finding the perpetrators of a crime in which your business was the victim. Maybe employees will have committed a crime involving IT, or maybe you’ll simply be asked to help investigate a crime committed against someone else. The fact is: your business will engage with law enforcement at some point, and you had better be prepared. Sadly, few businesses today are.

You’ve been robbed. Maybe you don’t know to what extent. Perhaps the crook simply took the opportunity to snag a notebook sitting in the back of a car and doesn’t care about the data. Perhaps it was a planned burglary, and now a competitor or political activist group has gigabytes of potentially embarrassing emails from one of your top executives. Maybe attackers grabbed sensitive medical files and are now extorting you: pay up or the files are released publicly.