10 Questions to ask when Outsourcing to Azure

Top ten questions: Which process, application and information can be moved to the cloud to gain efficiency and cost benefits while satisfying the organization’s security and compliance requirements? How can the organization be harmed if systems, applications, services or information are accessed by unauthorized people and information is made available to the public?…

List of four Kinect Security items

For a device that should be all about games, people are sure thinking up ways to use the Kinect for things like medicine and security. For security, you might want to take a look at the following URLs: In home paranoia: Kinect Long Term Privacy Issues Daunting? A cover for your Kinect: Address Security and…

Pretty as a Picture Password, is it secure, really? How do you know? How can anyone know?

There are few things in life that are just freaking awesome! Having a baby like the Egans just had (I guess), getting a degree in Computer Science, Engineering, Math or Science. A little further down the list is logging into your computer using a picture! This does mean that you will have to keep your screen…

5 top links: Security in Windows 8

Wow, Security in Windows 8 is going to move the needle. Here are 5 of the links I
Protecting you from malware
Protecting your digital identity
Signing in with a picture password
Optimizing picture password security (Keep your screen clean if you use this one!)
http://code.msdn.microsoft.com/windowsdesktop/Security-Sample-42013a3b
Nice. Looks like a lot of work for all…

5 Links for Securing Silverlight

When my page views are extremely positive, it is time to discuss security. Why? Because security is always a way to drive the numbers down. Let’s face it, no one wants to face the world of security or the discipline. Tell a potential “partner” that you do software security and it is likely that you…

Free NSA Guidance for Addressing Malicious Code Risk and vocabulary list

Yep, that’s NSA as in National Security Agency, and you don’t have to burn it after reading! This is a great way to get up to speed on code risks. Zoom over to GUIDANCE FOR ADDRESSING MALICIOUS CODE RISK (you can tell it is serious because it is all caps). So act now for this publication…

OS Command Injection

Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’). See this previous blog for this subject: Software insecurity: Insecure Interaction Between Components. So what is an “OS Command Injection”? (From: The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not…

Software Insecurity: SQL Injection code example

Code example of a bad example: SQL Injection using C#

    // Vulnerable by design: user-controlled ItemName.Text is concatenated straight into the SQL text
    string userName = connection.getAuthenticatedUserName();
    string query = "SELECT * FROM items WHERE owner = '" + userName + "' AND item = '" + ItemName.Text + "'";
    SqlDataAdapter sda = new SqlDataAdapter(query, conn);
    DataTable datatable = new DataTable();
    sda.Fill(datatable);

SELECT * FROM items WHERE…

Software Insecurity: Risky Resource Management

The weaknesses in this category are related to ways in which software does not properly manage the creation, usage, transfer, or destruction of important system resources.
CWE-120 Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)
CWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
CWE-494 Download of Code Without Integrity…

Software insecurity: Insecure Interaction Between Components

The top 6 software insecurities, with links.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
CWE-78 Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
CWE-79 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
CWE-434 Unrestricted Upload of File with Dangerous Type
CWE-352 Cross-Site…
