These are my links for December 26th through January 15th:
- Investigating Breaches
- Social Engineering: The Basics – What is social engineering? What are the most common and most current tactics? And how can your organization prevent these scams? A guide on how to stop social engineering.
- Jeremiah Grossman: Top Ten Web Hacking Techniques of 2009 (Official) – Every year the Web security community produces dozens of new hacking techniques documented in white papers, blog posts, magazine articles, mailing list emails, etc. Not to be confused with individual vulnerability instances brandishing CVE numbers, nor intrusions / incidents, but actual new methods of Web attack. Some techniques target websites, others Web browsers, and the rest somewhere in between. Historically much of this research would unfortunately end up in obscure corners of the Web and become long forgotten. Now in its fourth year the Top Ten Web Hacking Techniques list provides a centralized repository for this knowledge and recognizes researchers contributing to the advancement of our industry. 2009 produced ~80 new attack techniques
- Various Online Password Crackers | carnal0wnage.attackresearch.com
- Guerilla Security Leadership – fudsec.com
- Jack Mannino: Not Educating Your Clients? FAIL – How many of you that have brought in external consultants for some type of security engagement felt like you paid a lot of money for something you really didn't understand? Or better yet, how many of you have brought them in and felt like after they left you had less of an understanding of your environment and what your true risks were? It seems as though it's becoming standard practice for a lot of groups to test for a few days (or simply run automated tools), crank out a templated report, and give a short presentation at the end of an engagement without detailed guidance for making the world a better place. Is there any value in this? Maybe, but for what you've likely paid not NEARLY enough.
- Blog :: by Wade Woolwine » Blog Archive » Thoughts on an AppSec program – The Team – Start of a multi-part series on developing an AppSec Program
- Jeremiah Grossman: Overcoming Objections to an Application Security Program – Today a large percentage of security professionals truly “get” application security. They understand the importance, the best-practices, the value, etc. What inhibits their success the most in building an effective application security program is a lack of buy-in from the business and support from development groups. Justifying the investment remains extremely challenging and many security professionals tend to encounter the same objections.
- The Basic Laws of Human Stupidity