Social Network For CISO (Chief Information Security Officers)
Cyber-targeted attacks such as APTs are the primary cause of concern for any organization that holds data which can be of interest to attackers. The motivations are diverse and the attackers are highly sophisticated and relentless in their approach. Traditional security tools are proving to be ineffective against such attacks, as evidenced by the ubiquitous stories of successful breaches. In this time, it is considered that the more security tools you have, the more secure you are, which is…
Added by Atul kumar Singh (CISO Platform) on August 22, 2016 at 10:15am — No Comments
This time we will speak about SAP in particular. So, what is SAP? First of all, SAP is a German company that develops and sells business software. SAP is famous for its ERP system - the most widespread business application. However, SAP provides much more than just an ERP. In 2005, it introduced its SAP Business Suite – a number of integrated business applications such as ERP, CRM, PLM, SCM, and SRM. These business applications consist of different components. For example, ERP includes…
Added by Alexander Polyakov on February 15, 2016 at 1:30am — No Comments
Today we will show how SAP Afaria, an MDM solution from a world-famous software vendor, works and how cybercriminals can attack it in different ways.
In a nutshell, MDM is a set of services that help an administrator of a large company to control the mobile devices (smartphones, tablets, phablets and so on and so forth) of employees, thus establishing the security measures of corporate data stored and processed on those devices. A special application called MDM client is installed on…
Added by Alexander Polyakov on November 25, 2015 at 8:32pm — No Comments
For AS Java, the encoding is available as tc_sec_csi.jar. There is a static class and an interface which provide the encodings for HTML/XML, JavaScript, CSS and URL. The methods of the public class StringUtils (com.sap.security.core.server.csi.util.StringUtils) can also be used:
Added by Alexander Polyakov on August 25, 2015 at 5:47pm — No Comments
Hello, dear readers! Today I would like to talk about Oracle Security.
On August 11, Mary Ann – Oracle's CSO - published an incredibly shocking post about security researchers which was promptly deleted (either by herself or somebody else). The post was discussed by multiple resources such as…
Added by Alexander Polyakov on August 24, 2015 at 6:38pm — No Comments
In our previous article we’ve already covered how SAP ABAP Security Storage works. Today’s post is dedicated to SAP HANA Security Storage.
SAP HANA is a recent key product of SAP. It is a software solution based on in-memory technology that significantly reduces data processing time.
This product has obviously caused excitement among large enterprises interested in…
Added by Alexander Polyakov on June 24, 2015 at 4:00pm — No Comments
With this article we are starting a new series of posts reviewing one of the most frequent vulnerabilities, which affects a lot of SAP modules: cross-site scripting, or XSS. XSS is by far one of the most popular vulnerabilities in all products and the most popular vulnerability in SAP products, with a total of 628 vulnerabilities, which is almost 22% of all vulnerabilities ever found in SAP during 12 years. You can find this in our latest research…
Added by Alexander Polyakov on June 17, 2015 at 3:45pm — No Comments
(Source: Defcon 22-Las Vegas)
Added by CISO Platform on August 14, 2014 at 3:30am — No Comments
(Source: Defcon 22-Las Vegas)
Added by CISO Platform on August 14, 2014 at 3:00am — No Comments
(Source: Defcon 22-Las Vegas)
Added by CISO Platform on August 14, 2014 at 2:30am — No Comments
(Source: Defcon 22-Las Vegas)
Added by CISO Platform on August 14, 2014 at 2:30am — No Comments
These days, web applications are under siege. Commercially motivated hackers, bots, and fraudsters are attacking around the clock, attempting to steal data, disrupt access, and commit fraud, which today’s next-generation firewalls, IPS and other network security products are unable to safeguard against. So in order to prevent…
Added by pritha on July 4, 2014 at 1:00am — No Comments
PCI DSS – Stringent but Exhilarating to Implement (Project PCI DSS Implementation & Certification)
PCI DSS, which stands for Payment Card Industry Data Security Standard, is a robust, comprehensive, technology-driven, transparent, explicit standard to enhance security controls around payment card and related account data by ensuring the safe handling of card…
Added by pritha on June 24, 2014 at 8:00pm — No Comments
We are happy to announce the results of the annual survey of Security Implementation Status and Industry Benchmarking (CPSMM), in which 331 companies have participated. The data has been collected through the survey conducted online as well as during Top 100 CISO Awards. We have planned a series of interesting information which shall provide…
Added by pritha on January 31, 2014 at 1:00am — 3 Comments
Requirement for solutions related to Database security
A CISO should define the requirement for solutions related to Database security by first understanding the business and threat environment and decide on the most applicable threats and security parameters while balancing performance of application and security.
Added by CISO Platform on August 28, 2013 at 2:00pm — No Comments
Top steps during the implementation of a project related to Database Security
1. As application developers or the persons implementing the applications most of the time also work as database administrators, it is important that database administration is handled by different persons in the team. For bigger projects, you should have a separate database team. This helps on most occasions to have better control over database management and…
Added by CISO Platform on August 28, 2013 at 1:30pm — No Comments
WHY APPSEC (APPLICATION SECURITY) WON’T ALWAYS BAIL YOU OUT OF APPLICATION BASED RISKS?
It is very typical of organizations to perform Web Application (WebApp) Security Assessments before the go-live of newer applications or periodic assessments of their existing applications. And these assessments are known by all sorts of aliases like Application Penetration Testing (App PenTest), Ethical Application Hacking etc. For those companies lacking the internal core…
Added by Dhananjay Rokde on June 27, 2013 at 11:00am — No Comments
1. Run Time Application Security Protection (RASP)
Today applications mostly rely on external protection like IPS (Intrusion Prevention Systems), WAF (Web Application Firewall), etc., and there is great scope for a lot of these security features being built into the application so that it can protect itself during run time.
RASP is an integral part of an application run time environment and can be implemented as an extension…
Added by bikash on May 14, 2013 at 6:30pm — No Comments