Top five themes from Gartner Security Summit 2011
It's a topic that seemed to leave more than a few infosec pros scratching their heads (if you're one of them, be sure to check out Marcia Savage's great feature, IT consumerization drives new security thinking, from the June 2011 edition of Information ...
Social Networking, Counterintelligence, and Cyber Counterintelligence
As an adjunct professor at Utica College, I come across many research papers while teaching Cyber Intelligence, Cyber Counterintelligence and Principles of Cybercrime ...
by Robert Westervelt
Move to acquire Infrared Security will add static code analysis to WhiteHat’s dynamic vulnerability testing platform.
WhiteHat Security has acquired static code analysis technology from Infrared Security in a move to add the functionality to its Sentinel code analysis application, which until now has solely focused on dynamic vulnerability testing.
The move brings in a cadre of well-known secure software development experts, including Jerry Hoff, Jim Manico and Eric Sheridan, all active members of the Open Web Application Security Project (OWASP). WhiteHat said the team will guide the integration of their existing SaaS-based code testing tool into the WhiteHat Sentinel product line. They will also guide research and product development.
Web application security has gained more attention from enterprises as website vulnerabilities and weaknesses in online payment, ecommerce and other Web-based applications have become a favorite target of attackers.
Jeremiah Grossman, founder and CTO of WhiteHat, said the move was in response to WhiteHat’s customer demands. WhiteHat customers want something effective at uncovering vulnerabilities earlier in the software development life-cycle, Grossman wrote in the company blog.
Several security vendors have built SCA products to address this need, but nothing has really worked. Nothing has been even remotely accurate or managed to meet the need of enterprise scale. We know this because Sentinel measures these outcomes after our customers have purchased these products and they’ve shared their experiences with us.
Grossman said the goal of the integration is to make static analysis “fast, accurate, and scalable.”
A lot has been written about the differences and effectiveness of static versus dynamic code analysis, and the move from most application security firms is to provide the tools to customers and let them integrate what they can into their processes. Static analysis happens early on in the SDL and can find a boatload of vulnerabilities.
WhiteHat competes with Campbell, Calif.-based Cenzic Inc., which has a Web application testing suite that is offered as SaaS. The integration of static code analysis technology helps it aim at Burlington, Mass.-based Veracode Inc., which combines dynamic and static code analysis for application security audits. Klocwork Inc. also offers an automated source code analysis suite and Fortify Software Inc., now part of Hewlett-Packard, offers both static and dynamic analysis tools.
Sterlite's firewall implementation: Standardizing perimeter security
Sterlite's infosec policy, framed by Ernst & Young in 2007, while robust, wilted under the challenge of implementation due to its dependence on local control. The firewall implementation was further spurred by the need for central control/logging and ...
QLD cops get new 000 support
Posted by InfoSec News on Jun 23 http://www.zdnet.com.au/netregistry-swoops-on-distributeit-339317311.htm
Posted by InfoSec News on Jun 23 http://news.techworld.com/security/3287556/employee-hijacked-ceos-powerpoint-to-show-porn/
Posted by InfoSec News on Jun 22 http://www.cbc.ca/news/technology/story/2011/06/21/technology-staples-business-depot-privacy-commissioner.html
Posted by InfoSec News on Jun 22 http://www.law.com/jsp/lawtechnologynews/PubArticleLTN.jsp?id=1202498009028
Posted by InfoSec News on Jun 22 http://www.computerworld.com/s/article/9217860/Brazilian_government_energy_company_latest_LulzSec_victims
Posted by InfoSec News on Jun 22 http://www.kansascity.com/2011/06/22/2968820/kc-man-pleads-guilty-in-hacking.html
Posted by InfoSec News on Jun 22 http://www.washingtontimes.com/news/2011/jun/21/top-secret-clearance-checks-falsified/