HackDig : Dig high-quality web security articles for hacker

Cybersecurity vs Productivity: The CISO’s Dilemma

Today organizations are struggling with the best way to protect against attacks that are targeting the endpoint. Too often, the security strategy has been to put the onus on the individual employee. Research has shown, over and over again, that training and user restrictions are both tedious and expensive, and have a very low success rate. This is because c
Publish At:2017-10-23 23:40 | Read:1544 | Comments:0 | Tags:Company News CISO defense dilemma end users hackers infograp

Closing the Skills Gap: Making the Case for a Blended Training/Education Approach

“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” –Sun Tzu, “Attack by Stratagem” #18, Art of War. Cybersecurity media is awash with coverage
Publish At:2017-03-09 17:00 | Read:2989 | Comments:0 | Tags:Featured Articles Security Awareness Defense Information Sec

My Thoughts On "no internet for the public sector"

What up. Recently, the Singapore government decided to cut off internet access for public servants for security reasons. It was said that we are one of the prime targets. WHO ISN'T? To read more, go to: http://www.bbc.com/news/world-asia-36476422 What are my thoughts on this? *It was first written as a Facebook comment in response to an annoying post with bad
Publish At:2016-11-19 18:20 | Read:2331 | Comments:0 | Tags:defense government not_very_smart ramblings singapore

Dealing with Security in the Real World

Seven months ago I began an odyssey through our medical system that ended in December with my last visit to my surgeon’s office. Throughout the entire experience, I couldn’t help but make mental notes about the security practices I encountered. I want to be clear from the beginning – nothing I saw was egregious or malicious, just caring people try
Publish At:2016-01-07 14:20 | Read:1598 | Comments:0 | Tags:Featured Articles Security Awareness Defense HIPPA Hospital

Cyber domain black swans

What are black swans? In defence, a black swan is a way someone has passed all your defences, although you thought you had covered every attack vector. A black swan is an incident that you didn’t anticipate. It is a sign of the irrational way humans think: when you see only white swans, you don’t thin
Publish At:2015-11-09 22:30 | Read:1541 | Comments:0 | Tags:Breaking News Security black swans Cyber domain defense Hack

Understanding External Security Threats

Cyber security is now a board-level risk across the entire spread of industry. However, it is a broad subject with a large number of unknowns, and some might say there’s no real way to ever discover or quantify those unknowns. Unfortunately, this can result in cyber security being poorly understood and boards vulnerable to being misled by ‘snake-oil’ so
Publish At:2015-10-07 13:20 | Read:2388 | Comments:0 | Tags:Featured Articles Risk-Based Security for Executives Defense

Attacks Might Be Sophisticated, But So Can Be Your Defense Mechanisms

When working in security, the top priority is to protect your organization’s business-critical data from cyber attacks. You know that your traditional security mechanisms are in place – the database is secure; you have implemented audit trails and encryption on sensitive data, and you have instituted pretty tight access control. Anti-virus solutions are in place,
Publish At:2015-09-01 10:40 | Read:1485 | Comments:0 | Tags:Featured Articles Risk Management cyber attack Defense IoC M

AppSensor Code Version 2.1 and Beyond

Last Tuesday John Melton completed and announced the release of the AppSensor version 2.1.0 reference implementation. The OWASP AppSensor project defines a conceptual framework and methodology that offers prescriptive guidance to implement application intrusion detection and automated response. The reference implementation allows developers to use these powerful
Publish At:2015-06-15 13:30 | Read:1722 | Comments:0 | Tags:development design threats technical specification monitorin

SANS 2015 State of Application Security

The SANS Institute has published this year's survey results about application security programmes. In a change from last year's report, the authors of 2015 State of Application Security: Closing the Gap have identified and broken down their analysis and reporting into two groups of survey respondents - builders and defenders. Jim Bird, Eric Johnson and Frank Kim a
Publish At:2015-05-18 09:00 | Read:1957 | Comments:0 | Tags:testing information assurance disposal development maturity

Lightning OWASP Project Presentations at AppSec EU 2015

AppSec EU 2015 begins in two weeks. It is being held in Amsterdam at the Amsterdam RAI exhibition and conference centre. With the news yesterday that the number of conference attendee bookings has surpassed 400, together with the training, capture the flag competition, university challenge, application security hackathon, computer gaming, networking and organ
Publish At:2015-05-09 22:15 | Read:2241 | Comments:0 | Tags:requirements SDLC testing development owasp projects appsece

AppSensor CISO Briefing

Following the release of the Introduction for Developers in February, the OWASP AppSensor team has now created and published a new document aimed at Chief Information Security Officers (CISOs) and others with similar responsibilities. The CISO Briefing is a high-level overview, with pointers to the more detailed resources for specifiers, architects, developer
Publish At:2015-04-24 20:20 | Read:2430 | Comments:0 | Tags:incidents logging operation automation specification technic

Remote Banking Fraud Up, Card Fraud Up

The Financial Fraud Action UK (FFA UK) has published its latest figures about financial fraud in the UK: “e-commerce card fraud losses increased from £190.1m in 2013 to £217.4m in 2014 — a 14 per cent rise.” In a news release published at the end of March, the FFA UK states the increase is primarily due to a change in tactic by fraudsters who are deceiving custom
Publish At:2015-04-14 15:55 | Read:2042 | Comments:0 | Tags:defense metrics incidents PCIDSS operation

The Hard Problem of Securing Enterprise Applications

This paper about securing enterprise applications has been sitting in my email since November. I eventually got round to reading it and apologise for not highlighting it sooner. “Vendor recommended security controls and compliance requirements leave huge gaps in application security. ... Most have no understanding of how the application platforms work, where s
Publish At:2015-03-20 07:00 | Read:1868 | Comments:0 | Tags:detective ids technical threats defense monitoring correctiv

Introduction to AppSensor for Developers

Following the recent v2.0 code release and promotion to flagship status there has been increased interest in the OWASP AppSensor Project concerning application-specific real-time attack detection and response. During the OWASP podcast interview with project co-leader John Melton, the idea of creating briefings for target groups was discussed by podcast host M
Publish At:2015-03-06 06:40 | Read:3209 | Comments:0 | Tags:corrective administrative specification technical threats op
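The AppSensor model that the three AppSensor items above describe (detection points inside the application, per-user thresholds over a time window, and an escalating set of responses) is easier to see in code than in prose. The block below is an added example and is not code from the OWASP AppSensor reference implementation or its documentation: the detection-point labels, descriptions, thresholds, window lengths and response names are illustrative assumptions chosen to echo AppSensor's conventions, and the event stream it runs over is constructed for the demo.

```python
"""Added example: an AppSensor-style in-application intrusion detector.

Detection points raise events; the engine keeps a sliding window of recent
events per (user, detection point), and each time the count reaches the
threshold it climbs one rung of that point's response ladder
(log -> warn -> logout -> disable). Labels, thresholds and response names
are illustrative assumptions, not the official AppSensor catalogue.
"""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class DetectionPoint:
    label: str            # illustrative id, e.g. "RE5" (assumed, not official)
    description: str
    threshold: int        # events inside the window before a response fires
    window_s: float       # sliding-window length in seconds
    responses: tuple      # escalation ladder; the last rung repeats


# Illustrative policy (assumed values, not AppSensor's published defaults).
POLICY = [
    DetectionPoint("RE5", "Additional or unexpected parameter in request",
                   threshold=3, window_s=60.0,
                   responses=("log", "warn_user", "logout", "disable_account")),
    DetectionPoint("AE2", "Failed password for the same account",
                   threshold=5, window_s=300.0,
                   responses=("log", "logout", "disable_account")),
]


class AppSensorEngine:
    """Tracks events per (user, detection point) and hands back responses."""

    def __init__(self, points):
        self.points = {p.label: p for p in points}
        self._events = defaultdict(deque)   # (user, label) -> recent timestamps
        self._trips = defaultdict(int)      # (user, label) -> threshold crossings
        self.audit = []                     # (ts, user, label, response)

    def add_event(self, user, label, ts):
        """Record one detection-point event at time `ts` (seconds, assumed
        monotonic per user). Returns the response to apply, or None."""
        point = self.points[label]
        key = (user, label)
        window = self._events[key]
        window.append(ts)
        # Drop events that have aged out of the sliding window.
        while window and ts - window[0] > point.window_s:
            window.popleft()
        if len(window) < point.threshold:
            return None
        # Threshold crossed: clear the window so the next trip needs
        # `threshold` fresh events, then escalate one rung (saturating).
        window.clear()
        rung = min(self._trips[key], len(point.responses) - 1)
        self._trips[key] += 1
        response = point.responses[rung]
        self.audit.append((ts, user, label, response))
        return response

    def is_disabled(self, user):
        """True once the ladder has reached disable_account for this user."""
        return any(u == user and r == "disable_account"
                   for _, u, _, r in self.audit)


# Constructed event stream for the demo: (user, detection point, timestamp).
SAMPLE_EVENTS = [
    ("alice", "RE5", 0), ("alice", "RE5", 10), ("alice", "RE5", 20),
    ("bob", "RE5", 25), ("bob", "RE5", 30),          # two events: under threshold
    ("alice", "RE5", 30), ("alice", "RE5", 40), ("alice", "RE5", 50),
    ("alice", "RE5", 70),                             # will age out of the window
    ("mallory", "AE2", 100), ("mallory", "AE2", 101), ("mallory", "AE2", 102),
    ("mallory", "AE2", 103), ("mallory", "AE2", 104),
    ("alice", "RE5", 200), ("alice", "RE5", 205), ("alice", "RE5", 210),
]


def run(events=SAMPLE_EVENTS, policy=POLICY):
    """Feed the events through a fresh engine and return its audit trail."""
    engine = AppSensorEngine(policy)
    for user, label, ts in events:
        engine.add_event(user, label, ts)
    return engine.audit


if __name__ == "__main__":
    for ts, user, label, response in run():
        print(f"t={ts:>4}  {user:<8} {label}  -> {response}")
```

The two design choices worth noticing are the per-user keying (one noisy user does not push another over the threshold) and the window reset after each trip, so that escalation measures repeated bursts rather than one long-running burst being counted over and over; a real deployment would persist the window and trip counters outside the process so that the attacker cannot reset them by hitting a different node.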

User Interface Modifications to Combat Buyer Fraud

A paper published for the 2015 Network and Distributed System Security (NDSS) Symposium in February describes user interface modification techniques to address liar buyer fraud, and the results of experiments assessing the potential for these to reduce ecommerce fraud losses. Liar Buyer Fraud, and How to Curb It authors Markus Jakobsson, Hossein Siadati and M
Publish At:2015-03-03 14:50 | Read:1507 | Comments:0 | Tags:defense administrative preventative threats operation awaren
