Sunday, June 29, 2014

Establishing your Information Security Program - Part 1


Establishing an Information Security program can make or break an organization. So what do you need to get that started?
We have friend of the show Phil Beyer come in and discuss with us the five steps of the creation of an Information Security Program.  Join us for Part 1, and next week, we'll finish up with a little Q&A, as well as what a 'risk register' is.

Here is a new episode of Brakeing Down Security!

Sunday, June 22, 2014

OWASP Top Ten: 1-5


We finished up the OWASP Top Ten List. We discussed Injection, XSS, and other goodness.

 

 

 

http://risky.biz/fss_idiots  - Risky Business Interview concerning Direct Object Reference and First State Superannuation

http://oauth.net/2/ - Great information on OAUTH 2.0.

 

 

 

Intro "Private Eye", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) 
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/

Here is a new episode of Brakeing Down Security!

Monday, June 16, 2014

OWASP Top Ten: Numbers 6 - 10


As we wade through the morass of the Infosec swamp, we come across the OWASP 2013 report of web app vulnerabilities. Since Mr. Boettcher and I find ourselves often attempting to explain these kinds of issues to people on the Internet and in our daily lives, we thought it would be prudent to help shed some light on these.

So this week, we discuss the lower of the top 10, the ones that aren't as glamorous or as earth shaking as XSS or SQLI, but are gotchas that will bite thine ass just as hard.

Next week is the big ones, the Top 5... all your favorites, in one place!

 

OWASP Top 10 (2013) PDF:  http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf

Costs of finding web defects early (2008): http://www.informit.com/articles/article.aspx?p=1193473&seqNum=6

 

 

 

 

Intro "Private Eye", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) 
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/

Here is a new episode of Brakeing Down Security!

Sunday, June 8, 2014

Talk with Guillaume Ross - Part 2 (all things cloud)


This is part 2 of our podcast interview with Guillaume Ross, Infosec professional who is well versed with the intracacies of various cloud architectures, whether they are IaaS, PaaS, or SaaS.  This part of the podcast discussed how contracts are established, and we ask if smaller cloud providers have a chance against behemoths like Google, Amazon, and Microsoft.

 

Links brought up during the interview:

 

Rich Mogull's $500 Epic fail - https://securosis.com/blog/my-500-cloud-security-screwup

Rich Mogull's write up on how the aftermath and investigation - https://securosis.com/tag/cloud+security

 

Amazon VPC: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Introduction.html

Azure Endpoints (how-to): http://azure.microsoft.com/en-us/documentation/articles/virtual-machines-set-up-endpoints/?rnd=1

 

Intro "Private Eye", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) 
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/

Here is a new episode of Brakeing Down Security!

Sunday, June 1, 2014

It all goes in "the cloud"

Brian and I interviewed Mr. Guillaume Ross (@gepeto42), an Information Security professional who helps organizations get themselves situated into cloud based solutions. We get a better understanding of why people would want to put their info into the 'cloud' and how they are different than traditional co-lo and datacenters.



Guillaume's Blog: http://blog.binaryfactory.ca/




AWS (amazon) Security Best Practices WhitePaper: http://aws.amazon.com/whitepapers/aws-security-best-practices/


Amazon EC2 FAQ: http://aws.amazon.com/ec2/faqs/


Microsoft's Azure FAQ:http://azure.microsoft.com/en-us/support/faq/?rnd=1






"cloud computing icon" courtesy of smartdatacollective.com



Intro "Private Eye", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 3.0

http://creativecommons.org/licenses/by/3.0/


Brian and I interviewed Mr. Guillaume Ross (@gepeto42), an Information Security professional who helps organizations get themselves situated into cloud based solutions. We get a better understanding of why people would want to put their info into the 'cloud' and how they are different than traditional co-lo and datacenters.

 

Guillaume's Blog: http://blog.binaryfactory.ca/

 

AWS (amazon) Security Best Practices WhitePaper: http://aws.amazon.com/whitepapers/aws-security-best-practices/

Amazon EC2 FAQ: http://aws.amazon.com/ec2/faqs/

Microsoft's Azure FAQ:http://azure.microsoft.com/en-us/support/faq/?rnd=1

 

 

"cloud computing icon" courtesy of smartdatacollective.com

 

Intro "Private Eye", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) 
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/

Here is a new episode of Brakeing Down Security!