-
Verify the security of your mobile apps
The enterprise is increasingly turning to mobile app developers for solutions to leverage interest in BYOD. Gartner estimates that 70% of mobile professionals will conduct their work on personal smart devices by 2018. The app development boom has fostered a competitive environment for developers and there is a focus on speed. But In the rush to deploy enterprise apps and start reaping the benefits, it is easy to overlook key security risks that could cause irreparable damage to your business.
-
Hackers, Security Pros Talk Penetration Testing, Social Engineering
CIO.com goes undercover (sort of) at GrrCon, the Midwest's premier conference on penetration testing and software security, to learn about cloud security, hacking, lock picking and more.
-
Application security testing
This article provides you with an overview of the current state of application security testing. Some of the challenges with application security testing include ensuring adequate coverage of black-box application testing, false negative issues with white box testing using automated source code analysis software and the lack of experience in the security industry with testing of client side applications.
-
Staying alive after migrating to the cloud
Multi-tenant cloud providers might promise greater resiliency, ‘five nines’ uptime and better security than some in-house managed infrastructure, but organisations would be wise not to assume the provider has covered all bases.
-
Tax office outlines penetration testing strategy - AusCERT 2011
Getting customers to recognise penetration testing as legitimate mitigation against potential hacks has proved vital for the Australian Taxation Office's (ATO) vulnerability management unit.
-
Penetration Testing
This is a real issue, and not just one for the well publicised attacks on major corporations such as Sony, Lockheed, Google, and Citi. It affects every business and organisation, large and small. More worrying still, it is now widely suggested that hackers and espionage organisations are moving away from directly attacking their target company, choosing instead to route their attack through suppliers to their target. Thus, even small and seemingly innocuous “third party” businesses who would not consider themselves as potential targets are now on the front line of this cyber war.
Get exclusive access to CSO, invitation only events, reports & analysis. - 1
Dell targets ANZ security opportunities as SecureWorks debuts locally
- 2
AusCERT 2013: Cloud-based scanner identifies new malware by its ancestry
- 3
AusCERT 2013: Users, cats more likely hack culprits than cyber-espionage: Trustwave
- 4
ACMA database keeps finger on Australia’s malware pulse
- 5
Lethal medical device hack taken to next level
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
Warning: Tips for secure mobile holiday shopping
I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.
