Wednesday, November 05, 2008
Saturday, October 18, 2008
Anand Vs Kramnik - World Chess Championship 2008 - Live from Bonn, Germany
http://www.uep-worldchess.com/
Labels:
Anand,
Chess,
Kramnik,
Mind Games,
World Chess Championship 2008
Wednesday, September 10, 2008
Web Application Security statistics for year 2007
The Web Application Security Consortium ( http://www.webappsec.org/ ) has released its survey of web application security vulnerabilities found during 2007. XSS still dominates the field. Well detailed and worth a read: http://www.webappsec.org/projects/statistics/
Friday, May 30, 2008
the DONs of Security
Here is a list of 15 most influential people in Security compiled by eWeek:
1. Tavis Ormandy, Google Security Team
2. Ivan Krstic, One Laptop Per Child
3. Chris Paget, IOActive
4. Bunnie Huang, Bunnie Studios
5. Michal Zalewski, Google
6. Window Snyder
7. The MOAB Hackers
8. Dino Dai Zovi
9. Michael Howard, Microsoft
10. HD Moore, Metasploit
11. Dave Aitel, Immunity
12. Bronwen Matthews, Microsoft
13. John Pescatore, Gartner
14. Rob Thomas and Team Cymru
15. Stefan Esser, Hardened PHP Project
The original article can be found at :
http://www.eweek.com/c/a/Security/The-15-Most-Influential-People-in-Security-Today/
Friday, February 08, 2008
CISSP Preparation : Plan and Efforts
Preparing for CISSP:
Here are my two cents; they might help with your CISSP prep.
My Date :
April 2005
Changes Since :
A new domain on Application Security has been added to the 10 domains
Time :
4 to 6 months
Books Covered :
1] ISC2 Official Guide for CISSP ( 1st Priority )
( http://www.amazon.com/Official-ISC-Guide-CISSP-Press/dp/0849382319/ref=sr_1_1/104-1441772-1525525?ie=UTF8&s=books&qid=1202456055&sr=1-1 )
2] Shon Harris
( http://www.amazon.com/CISSP-Certification-All-One-Guide/dp/0071497870/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1202456103&sr=1-1 )
3] Wiley - CISSP Prep Guide ( good as aux. info, can do without it )
( http://www.amazon.com/CISSP-CAP-Prep-Guide-Platinum/dp/0470007923/ref=sr_1_3?ie=UTF8&s=books&qid=1202456134&sr=1-3 )
4] cccure.org ( Good for covering corner-case concepts; of limited use considering the actual exam questions )
( http://www.cccure.org/ )
5] Hal Tipton - Information Security Management Handbook ( Awesome resource - only if you have >= 6 months )
( http://www.amazon.com/Information-Security-Management-Handbook-CD-ROM/dp/1420060457/ref=sr_1_3/104-1441772-1525525?ie=UTF8&s=books&qid=1202456055&sr=1-3 )
6] Michael Overly Guide ( for last 15 days )
( http://www.cccure.org/ )
Study Plan :
I would recommend a serious 4-6 months of dedicated effort, completing the ISC2 official guide first, then Shon Harris, and then the rest if time permits. Prepare in a group. For the last 15 days, refer to the Michael Overly guide.
All the best.
My Favorite Topics :
Cryptography
Application Security
Telecommunication and Network Security
Physical Security
Monday, January 21, 2008
Technology Risk - IT Risk Career Certifications
Information Security - CISSP -
https://www.isc2.org/cgi-bin/content.cgi?category=97
Information Privacy - CIPP -
https://www.privacyassociation.org/index.php?option=content&task=view&id=36&Itemid=85
Fraud Review - CFE -
http://www.acfe.com/Membership/become.asp
IT Audit - CISA /CISM -
http://www.isaca.org/Template.cfm?Section=Certification&Template=/ContentManagement/ContentDisplay.cfm&ContentID=19934
Internal Audit - CIA -
http://www.theiia.org/certification/certified-internal-auditor/
IT Infrastructure - ITIL -
http://www.itil-officialsite.com/home/home.asp
Business Continuity and Disaster Recovery - CBCP -
http://www.drii.org/DRII/Courses/certification_overview.aspx
Thursday, January 10, 2008
XSS Hu la la :-)
From Mark Curphey's blog ::
"
"
"
From the Office of "Real World Software Security"
When a customer's development team was recently asked to use the AntiXSS library, validate input and encode output for their web interface, they replied (and I quote) “we do not use cross site scripting”.
If any customer ever asks the single most effective thing to effect a positive change on their software security program, I always respond with education and awareness. Pound for pound, dollar for dollar, it is the most effective tool anyone has.
"
Labels:
Cross-Site Scripting,
Information Security,
Security,
XSS