Tag Archives: Security

NIST to set standards for Cloud Security!

Lately NIST is very much intrigued with Cloud computing infrastructures… not sure it is part of President Obama’s Stimulus plan! Without doubt it makes the US Government the most influential Cloud customer. Like everyone else, NIST also sees Security as the paramount challenge ahead before adoption… of course, Security cannot be an afterthought or post-mortem process after a breach… Read more »

Conficker Worm to hit on April Fool’s day!

Looks like another malware storm… my buddy, a Microsoft Windows user, is scratching his head with a burning stick and cleaning up his entire data/malware center… as it is suspected that the Conficker Worm (Conficker Versions C and D) might have infected millions of computers running the MS Windows environment – not sure whether it affects both servers and desktops. The worm is programmed to modify… Read more »

Demystifying MySQL Security for Web 2.0: Part 2

Access control exploits, user credential exposures and related security compromises are becoming increasingly common in the Web 2.0 world! Most of these issues pertain to broken or insufficient authentication controls and flawed credential management, which allow attackers to compromise vulnerable applications by stealing or manipulating credentials such as passwords, keys and session cookies, or by impersonating another user through forged or guessed credentials. Any such access control… Read more »

Demystifying MySQL Security for Web 2.0: Part 1

Web 2.0 applications are proliferating and have become widely popular for delivering dynamic user-generated content, information collaboration, data mashups, social networking and Web services. Building security for Web 2.0 applications poses several daunting challenges to Web 2.0 developers, as these applications are publicly accessible and blindly open the door to several intentional/unintentional abuses and malicious practices, including data interception and manipulation by… Read more »

Top Web 2.0 Security Threats!

Web 2.0 is not my forte, but I am not too ignorant to know its overwhelming adoption and popularity! In my understanding, Web 2.0 is another Web-based application paradigm that enables delivering user-generated content via aggregation, participation and collaboration on the Internet using Web-based protocols. No doubt, every day a new breed of Web 2.0 application is finding its… Read more »

Biometric adoption expected to grow "triple" between 2008–2012, despite economic downturn!

Lately, Biometric identification and authentication technologies are gaining unprecedented importance in government organizations across the globe, as evidenced in the US by the introduction of HSPD-12 and HSPD-24, and in other countries by compliance with ICAO requirements for biometric-enhanced machine readable travel documents (MRTDs) / ePassports, which support facial/fingerprint identification of travelers passing through airports and security-sensitive locations and ensure protection against identity theft… Read more »

Dissecting the 'Obfuscated Transfer Object'

One thing I noticed lately… is a lot of interest in understanding the usage of the ‘Obfuscated Transfer Object (OTO)’ from Core Security Patterns. I got multiple emails about its code and implementation… understandably there is a growing security concern about using a Transfer Object (aka Value Object) that passes security-sensitive data elements between Java EE tiers (especially between Presentation/Business/Persistence), when the… Read more »

Top 25 Most Dangerous Programming Errors

A few weeks ago, the US Dept. of Homeland Security (National Cyber Security Division), in collaboration with SANS Institute/MITRE teams, released a list of 25 dangerous programming errors as common security flaws, which open doors for easy exploitation. On my first look at this list, I thought it was old wine in a new bottle, as the document sounded… Read more »

Here you go… OWASP Hartford!

Last night, I had the opportunity to present at an OWASP event @Hartford, CT. James McGovern, a long-time buddy of mine, organized this event at one of the Hartford skyscrapers – what a great view! I had contributed code artifacts to OWASP projects before, but it was the first time I had a chance to attend an OWASP event… Read more »

I am a CISA now.

IT Security, Compliance Auditing and Governance have been among my focal areas for many years now… but I didn’t have a chance to explore them more closely due to my hands-on technical focus on implementing security solutions. Of course, you can’t practice IT security implementation and compliance auditing together as a job – that certainly defeats the fundamental principles of security. So… Read more »