Chris Riley presents security issues threatening service based systems which could be attacked on the transport or the message layer. He examines some of the security threats presenting measures to undertake to reduce the risks and available security frameworks.
In this interview, Dr. Mercuri defines computer forensics, then discusses how forensics apply to criminal, civil, and intellectual property law. She addressed the challenges that technological advances, (e.g. RAID, cell phones, GPS devices, and Cloud Computing) increase the challenges faced by the forensic computer scientist. She also discusses appropriate actions if you suspect security issues.
In this presentation, John Steven talks about modeling security threats as a way to discover, understand and counteract threats while designing the system architecture. John presents threat modeling through examples focusing on authentication, authorization and session management.
In an effort to find viable alternatives to the false security offered by passwords, a new U.S. government program is trying to find consensus on standards with leaders of private industry. The new National Strategy for Trusted Identities in Cyberspace (NSTIC) program was formed early in 2011 with limited funding but ambitious objectives.
Microsoft has released SDL Threat Modeling Tool 3, a tool used to model, analyze, track and mitigate security vulnerabilities early in the application’s design process.
