All Articles

(Read more:  APT Secrets that Vendors Don't Tell)

The Heartbleed bug was a catastrophic vulnerability in widely used OpenSSL TLS implementation. This talk at CISO Platform Annual Summit, will give background how the Heartbleed bug was found by Cod

Bitcoin Transaction Malleability, an Insight by Daniel Chechik.The bitcoin network vulnerability had disturbed the huge bitcoin network. Plenty trading websites like Silk Road,MTGox and more have been victim to "Bitcoin Transaction Malleability." Thi

Cyber Safety in Cars and Medical Devices by Beau Woods, creator of IOT Security Framework. We are adopting connecting, computerized technology faster than we are able to secure it. When this technology is integrated into life and safety systems, bits

This talk will cover the concept of mis-using the hardware (x86 translation lookaside buffer) to provide code hiding and how the evolution of the Intel x86 architecture has rendered previous techniques obsolete and new techniques to perform TLB-split

With this article we are starting a new series of guidelines describing some basic assessment procedures one can carry out on various business applications that would help security professionals to expand their ERP systems’ immunity to attacks.

As we

CISO Platform Annual Summit @ Mumbai, last week saw over 250+ attendees for over 2 days making the the spirit of knowledge sharing and learning a huge success in the Information Security Executives of India. Here are the highlights of the awesome key

Securing a cloud environment requires, and offers a new approach to security: holistic Security Intelligence. Many organizations have dozens of different point products to address security concerns. For example, they may have a firewall from one vend

Myth: - DLP is for IT and it is an IT Project |Truth: - DLP is for Business and it is a Business Project

DLP Solution is implemented by IT for the business with the close association of various business departments; DLP implementation requires strong

This article will be about different guidelines, which can help to secure your SAP system. But nothing to worry about - this post will nevertheless remain useful and interesting, even if it does not contain information about 0-days or have no words l

Static Code Analysis: Binary vs. Source

Static Code Analysis is the technique of automatically analyzing the application’s source and binary code to find security vulnerabilities. According to Gartner’s 2011 Magic Quadrant for Static Application Secu

The AppSec How -To:Visualizing and Effectively Remediating Your Vulnerabilities: The biggest challenge when working with Source Code Analysis (SCA) tools is how to effectively prioritize and fix the numerous results. Developers are quickly overwhelme

In Agile’s fast-paced environment and frequent releases,security reviews and testing sound like an impediment to success. How can you keep up with Agile demands of continuous integration and continuous deployment without abandoning security best prac

Why Read This Report

The data center perimeter is dead. But its memory lives on in the way many IT departments continue to secure their infrastructure. The meteoric rise of the Internet brought with it an ever-changing landscape of new attacks and co

Organization scramble to achieve high business growth often overlooked the underlying processes which are the core of any business operation. A manual process to handle employee separation process lead devastating circumstances. Most organization tak

We are conducting again the new OWASP CISO Survey 2014 and as a respected information security leader in the industry, OWASP (Open Web Application Security Project, www.owasp.org) would like to hear your opinion and invite you to share this survey in

To protect sensitive/critical data available on users’ laptops we implemented a remote backup solution that can back up the important files and folders on the users’ laptop to a remote server. The main purpose was to safeguard the sensitive/critical

Kotak Mahindra Bank has initiated the DLP implementation across all business units in a phased manner and the implementation was started 6 months ago with critical business units. The solution monitors all channels, viz. Internet, Email and End point

This project mainly aims to have an enterprise wide ITAM (IT Asset Management) Systems and endpoint protection and also to maintain the hardware and software inventory. It also brought in centralized IT management and control mechanisms for polices e

What is Shellshock Bug?

Shellshock is a security vulnerability(CVE-2014-6271) in the widely used Unix Bash Shell which was discovered by Stéphane Chazelas on 12 September 2014 and disclosed on 24 September 2014. Subsequently, various researchers have

If not all, we can point out the various major policies that can help you kick-off. For easy reading we've cut the details, here's the checklist:

AUP - Acceptable Use Policy or Fair Use Policy defines the ways/restrictions of using the Organisation's