3 AppSec Lessons from Cloud with a Chance of Meatballs
Maybe you've seen 2009's Cloudy with a Chance of Meatballs. Perhaps you thought this was a movie about science and about a young nerdy man trying to find his place in the world. Actually, the real purpose of this movie is to help teach you and other developers some very important Application Security lessons.
20 Dec 2019 :: Security :: #appsec #security #communication
Push the Button: Making Security Training Fun and Interactive
As humans, we are all constantly trying to find the signal in the noise. Unfortunately, the topics and behaviors that we, as corporate security trainers, are trying to explain, teach, and reinforce are often seen as noise by those we are targeting. Therefore, to achieve our goals we need more than pertinent information and slick graphics; we need to find ways to stand out, capture people's attention, and cement our desirable security behaviors with positive associations. An effective strategy to stand out, make your message more memorable, and build a positive reputation for your security team is to incorporate interactive exhibits and activities in your security training program.
1 Jun 2019 :: Security :: #human factors #training #security awareness #journal article
Vulnerability Report: Open Redirect in Jive Social Networking Platform
The enterprise social networking platform Jive (jiveon.com) uses an exit-link tracking mechanism for all external links. The links passed through this exit mechanism were not validated. An attacker could leverage the trust in a Jive-based social network to perform spear-phishing against community users. This issue was reported to Jive and has been remediated with an optional configuration setting as of the time of publication. Remediation requires action by the Jive instance administrator to enable this setting.
21 Oct 2016 :: Security :: #Jive #Vulnerability Report #open redirect
Encryption in the Hands of End Users
Organizations are increasingly investing in encryption capabilities. One form of encryption that is seeing increased deployment is end-user managed encryption; however, such deployments present many challenges for the enterprise. Such tools typically lack centralized management and control capabilities, either forcing or allowing users to make security decisions on their own. This makes monitoring and enforcement of proper usage difficult and leaves doubts over whether users are using encryption properly, if at all. In addition, monitoring and data loss prevention tools are often rendered moot because most solutions lack key escrow and security infrastructure integration. In this article we will discuss some of the challenges and risks in deploying end-user managed encryption and will also evaluate alternative centralized solutions and their benefits.
1 May 2016 :: Security :: #encryption #human factors #zip #siem #journal article
Help your users protect themselves from family member fraud
Social networks and similar service providers must take proactive actions to protect their users from fraud attempts and account abuse perpetrated by friends and family members. With easy physical access and intimate knowledge, these threat actors can impact not just the victim, but other users and the overall quality and reputation of your service. While service providers cannot force technical controls, such as screen saver passwords, on their users, they can adopt techniques and strategies to reduce their potential exposure and to help their users take proactive measures to protect themselves and practice good security hygiene.
1 Nov 2015 :: Security :: #fraud #social media #accounts #password management #redaction #journal article
The effect of acquisition decision making on security posture
The purpose of this paper is to examine the effectiveness of decision making in IT acquisition and security, and the disparity between the two domains. The paper postulates that improving decision processes during acquisition increases decision makers' security consciousness and security posture. Analysis suggests a significant positive correlation between the effectiveness of acquisition decision making and organizational security posture and attitudes, further suggesting that small improvements in acquisition decision making may result in substantial improvements in an organization's security posture.
1 Dec 2012 :: Security :: #human factors #aquistion #journal article
Customize the Joomla Frontpage / Home Page Template in Joomla 1.5
When visitors first land on your homepage, you often want to do something special. You may want to show a special message, change the header, or do a number of different things. Using the normal backend administration, you can set various modules to display based upon the menu item in Joomla 1.5; however, an empty module position may throw off your design. For example, if you have a three-column layout but only want to show two columns on the frontpage, it can be problematic to set up each individual module position, and if you change, add, or remove modules this can be a real headache to implement. Furthermore, if you are developing a template for third party users…
21 Mar 2011 :: Web Development :: #Joomla #templates
Primer on Character Encoding Settings with HTML/PHP
While we as humans perceive words as a collection of letters, or as glyphs representing whole words (e.g., Chinese), computers store everything as a binary representation, including letters. Every letter is represented in binary as some numeric value which is constant within a character set. The most familiar simple character set is the ASCII Character Set, which covers most standard English letters and numbers. However, of course, other letters exist…
8 May 2010 :: Web Development :: #utf-8 #iso-8859-1 #mojibake #ascii #encoding #character set
Vulnerability Report: Information Exposure in Oracle's iRecruitment
Oracle's iRecruitment software is an HR system used by many government agencies and large private corporations. The system can be used to manage hiring information as well as current employee records. Upon using one such company's hiring system as an external applicant, I followed a hyperlink and was able to recover the entire company's corporate hierarchy, which includes employees' names and contact information (primarily business-centric, but some personal information such as cell phones). More importantly, the vulnerability shows departmental breakdowns and reporting relationships in the hierarchy. Depending upon how much information a particular organization stores, and where, this could result in violation of employee privacy protection laws such as those from the state of Massachusetts…
27 Apr 2010 :: Security :: #Oracle #Vulnerability Report
How to make drop-down boxes (select elements) with JHTML
…The first thing you should know is that JHTML is a service class, which actually calls a subclass based on the first parameter. I am not sure why you do not natively just call the direct class you want as opposed to this notation, which I find odd, but I have decided that I might as well learn all the weird Joomla styles and use them for greater understanding across the community when they look at my code.…
6 Jul 2009 :: Web Development :: #Joomla #JHTML #HTML #forms #select