NIST proposes Secure Software Development Framework

Ever since Bill Gates fired off his famous Trustworthy Computing memo in January 2002, developing secure software has been a hot topic of discussion. It was important before then, for sure, but it was often overlooked. It took a series of high-profile worms such as Code Red and Nimda and a series of breaches to […]

Password manager: secure tool or vulnerable?

Let's be realistic: passwords are not only a nuisance, they don't even manage to be secure. The average citizen has dozens of username and password combinations to remember, and many end up accumulating hundreds of combinations they do not use. It is impossible to remember them all, and that is a big reason why the […]

Password managers: Secure tool or single point of weakness?

Let’s face it: Passwords are not only a hassle, they also don’t make the most effective locks. The average person has dozens of username and password combinations to remember. People who are very active online have hundreds of such combinations. It’s just impossible to remember them all, and that’s a big reason why people tend to use the same password […]

Want to improve app security? Do this one thing

While it’s certainly not surprising that simply beginning an application security program reduces application security risks, it is good news. According to application security firm Veracode’s seventh annual State of Software Security (SoSS) report, an impressive 46 percent reduction in flaw density can be achieved just by putting in place formal application security processes and application security scanning. When good […]

Enterprise security still overlooking this weak link

Every year, Web-based attacks are among the most popular attack vectors against enterprise data. Of course, the layer of the technology stack where attackers focus their attention changes over time. When viruses and malware were spread by disk, exploitation was primarily aimed at the operating system layers. That changed as systems became connected, and enterprises […]

A big — and worrisome — disconnect in enterprise IT security

When it comes to keeping enterprise systems and data secure, application security takes top billing. No matter how tight and snug an enterprise keeps security controls, an attacker need only exploit a vulnerability in an app to slither on in and grab a foothold. This is why application security and configuration management form such an important baseline to avoid attacks. Good application […]