All Blog Posts Tagged 'Application' (43)

How to choose your Security / Penetration Testing Vendor?

A common question is: why should we get a third-party penetration testing company? Why not choose a team from your current technical group to handle the network security test? For one, security audits, like traditional financial audits, are better done by outside companies with no bias or partiality toward anyone or anything within your organization. Another reason to hire a security testing company is that one may find it difficult to hire and retain penetration testers.…


Added by CISO Platform on September 3, 2019 at 9:30am — No Comments

(Free PPTs) Top Talks @ SACON - 2019 !

Get free access to the presentations by Dr. Phil Polstra, Wayne Tufek, Madhu Akula, Anant Shrivastava, Shomiron Das Gupta, Wasim Halani, Sahir Hidayatullah, Sudarshan Pisupati & more. SACON is one of the largest Security Architecture Conferences in the APAC region. With 500+ participants, this was the 6th edition of SACON, and here are a few highlights we wanted to share with you. It was held on 15-16th Feb in Bangalore, India.…


Added by pritha on February 28, 2019 at 4:30pm — No Comments

Top 5 Technologies To Protect Against Zero Day Malware

Cyber-targeted attacks such as APTs are the primary cause of concern for any organization that holds data which can be of interest to attackers. The motivations are diverse and the attackers are highly sophisticated and relentless in their approach. Traditional security tools are proving to be ineffective against such attacks, as evidenced by the ubiquitous stories of successful breaches. At this time, it is considered that the more security tools you have, the more secure you are, which is…


Added by Atul kumar Singh (CISO Platform) on August 22, 2016 at 10:00am — No Comments

SAP Security for CISO’s. Part two: Beginner’s introduction to SAP

This time we will speak about SAP in particular. So, what is SAP? First of all, SAP is a German company that develops and sells business software. SAP is famous for its ERP system - the most widespread business application. However, SAP provides much more than just an ERP. In 2005, it introduced its SAP Business Suite – a number of integrated business applications such as ERP, CRM, PLM, SCM, and SRM. These business applications consist of different components. For example, ERP includes…


Added by Alexander Polyakov on February 15, 2016 at 1:30am — No Comments

SAP Afaria Stored XSS vulnerability - detailed review

Today we will show how SAP Afaria, an MDM solution from a world-famous software vendor, works and how cybercriminals can attack it in different ways.

In a nutshell, MDM is a set of services that help an administrator of a large company to control the mobile devices (smartphones, tablets, phablets and so on and so forth) of employees, thus establishing the security measures of corporate data stored and processed on those devices. A special application called MDM client is installed on…


Added by Alexander Polyakov on November 25, 2015 at 8:32pm — No Comments

Securing SAP Systems from XSS vulnerabilities Part 3: Defense for SAP NetWeaver J2EE

From the developer’s perspective

For AS Java, the encoding is available as tc_sec_csi.jar. There is a static class and an interface which provide the encodings for HTML/XML, JavaScript, CSS and URL. You can also use the methods of the public class StringUtils:

  • escapeScriptEndTag(String pStr) - Prepare a string to be used for a javascript…

Added by Alexander Polyakov on August 25, 2015 at 5:47pm — No Comments

Oracle Security: Researchers' response to the post by Oracle CSO Mary Ann Davidson

Hello, dear readers! Today I would like to talk about Oracle Security.

On August 11, Mary Ann – Oracle's CSO - published an incredibly shocking post about security researchers which was promptly deleted (either by herself or somebody else). The post was discussed by multiple resources such as…


Added by Alexander Polyakov on August 24, 2015 at 6:38pm — No Comments

SAP Passwords part 2: SAP HANA Secure Storage. How it works

In our previous article we’ve already covered how SAP ABAP Security Storage works. Today’s post is dedicated to SAP HANA Security Storage.

SAP HANA is a recent key product of SAP. It is a software solution based on in-memory technology that significantly reduces data processing time.

This product has obviously caused excitement among large enterprises interested in…


Added by Alexander Polyakov on June 24, 2015 at 4:00pm — No Comments

Securing SAP Systems from XSS vulnerabilities Part 1: Introduction

With this article we are starting a new series of posts reviewing one of the most frequent vulnerabilities, which affects a lot of SAP modules: cross-site scripting, or XSS. XSS is by far one of the most popular vulnerabilities in all products and the most popular vulnerability in SAP products, with a total of 628 vulnerabilities, which is almost 22% of all vulnerabilities ever found in SAP during 12 years. You can find this in our latest research…


Added by Alexander Polyakov on June 17, 2015 at 3:45pm — No Comments

Bypass Firewalls, Application White Lists, Secure Remote Desktops in 20sec

(Source: Defcon 22-Las Vegas)

Added by CISO Platform on August 14, 2014 at 3:30am — No Comments

Instrumenting Point-of-Sale Malware

(Source: Defcon 22-Las Vegas)

Added by CISO Platform on August 14, 2014 at 3:00am — No Comments

Client Side HTTP Cookie Security

Added by CISO Platform on August 14, 2014 at 2:40am — No Comments

A Journey to Protect Points of Sale

(Source: Defcon 22-Las Vegas)

Added by CISO Platform on August 14, 2014 at 2:30am — No Comments

A Tour through the Dark Side of the Internet

(Source: Defcon 22-Las Vegas)

Added by CISO Platform on August 14, 2014 at 2:30am — No Comments

Attacking the Traveling Salesman

Added by CISO Platform on August 14, 2014 at 2:20am — No Comments

Checklist to Evaluate A Cloud Based WAF Vendor

These days, web applications are under siege. Commercially motivated hackers, bots, and fraudsters are attacking around the clock, attempting to steal data, disrupt access, and commit fraud, which today’s next-generation firewalls, IPS and other network security products are unable to safeguard against. So in order to prevent…


Added by pritha on July 4, 2014 at 1:00am — No Comments

Checklist for PCI DSS Implementation & Certification

PCI DSS – Stringent but Exhilarating to Implement (Project PCI DSS Implementation & Certification)

PCI DSS, which stands for Payment Card Industry Data Security Standard, is a robust, comprehensive, technology-driven, transparent, explicit standard to enhance security controls around payment card and related account data by ensuring the safe…


Added by pritha on June 24, 2014 at 8:00pm — No Comments

Security Technology Implementation Report: Annual CISO Survey

We are happy to announce the results of the annual survey of Security Implementation Status and Industry Benchmarking (CPSMM), in which 331 companies have participated. The data has been collected through the survey conducted online as well as during Top 100 CISO Awards. We have planned a series of interesting information which shall provide…


Added by pritha on January 31, 2014 at 1:00am — 3 Comments

Database Security Vendor Evaluation Guide

Requirement for solutions related to Database security

A CISO should define the requirement for solutions related to Database security by first understanding the business and threat environment and then deciding on the most applicable threats and security parameters, while balancing application performance and security.


Added by CISO Platform on August 28, 2013 at 2:00pm — No Comments

My Key Learning While Implementing Database Security

Top steps during the implementation of a project related to Database Security

1. As, most of the time, application developers or persons implementing the applications also work as database administrators, it is important that database administration is handled by different persons in the team. For bigger projects, you should have a separate database team. This helps on most occasions to have better control over database management and…


Added by CISO Platform on August 28, 2013 at 1:30pm — No Comments
