BT
rss
  • Beyond Blacklisting: Cyberdefense in the Era of Advanced Persistent Threats

    by Aaron Beuhring Kyle Salous on  Mar 17, 2015 1

    In this article, authors discuss the security vulnerabilities in software applications and how whitelisting approach has advantages over blacklisting. They also talk about how to implement the whitelisting security policies and cost involved with it.

  • Employing Enterprise Architecture for Applications Assurance

    by Walter Houser on  Feb 26, 2015

    In this article, authors discuss how enterprise, software, and security architects can improve software assurance by using the enterprise architecture to promulgate the software security controls. They also talk about other security model components like threat modeling, attack trees, secure design patterns, and misuse cases.

  • How Well Do You Know Your Personae Non Gratae?

    by Jane Cleland-Huang on  Nov 27, 2014

    In this article, author discusses three techniques to defend against malicious users in software systems. These techniques includes creating personas to think strategically about the mischief a malicious user might attempt, misuse cases used to determine how the software should respond to unintended use, and activity diagrams annotated with security concerns.

Keeping Your Secrets

Posted by Dennis Sosnoski on  Sep 30, 2013

Dennis Sosnoski explains how supposedly-secure connections can be downgraded to the point where they are easily broken and how to make it more difficult for anyone to see or alter your data exchanges. 2

Application Security Testing: The Double-sided Black Box

Posted by Rohit Sethi on  Feb 26, 2013

In this article, Rohit Sethi discusses the opaque nature of security verification tools and processes and the potential for false negatives not covered by techniques like automated dynamic testing. 1

Defending against Web Application Vulnerabilities

Posted by Nuno Antunes Marco Vieira on  Jul 27, 2012

In this article, authors discuss the security in software development life cycle and how to defend against web application vulnerabilities using white-box analysis and black-box testing techniques. 1

Comparison of Intrusion Tolerant System Architectures

Posted by Quyen L. Nguyen Arun Sood on  Nov 25, 2011

In this IEEE article, authors Quyen L. Nguyen and Arun Sood discuss three types of intrusion tolerant system architectures and their efficiency for intrusion tolerance and survivability. 1

Virtual Panel: Security Considerations in Accessing NoSQL Databases

Posted by Srini Penchikala on  Nov 15, 2011

NoSQL databases have been getting lot of attention lately but NoSQL data security is not given much emphasis. This article focuses on the security considerations in accessing NoSQL databases. 2

Resilient Security Architecture

Posted by John Diamant on  Sep 27, 2011

In this IEEE article, author John Diamant talks about improving security quality of software applications using techniques like security requirements gap analysis and architectural threat analysis.

Enhanced Detection of Malware

Posted by Carlos Rozas Hormuzd Khosravi Divya Kolar Sunder and Yuriy Bulygin on  Sep 30, 2009

This article discusses significant new threats to host agents, outlines a generic architecture for malware detection, based on enhanced cloud computing, and outlines enhanced computing solutions.

The Dark Cloud: Understanding and Defending against Botnets and Stealthy Malware

Posted by Jaideep Chandrashekar Carl Livadas Steve Orrin Eve Schooler on  Aug 04, 2009

Botnets are the latest scourge to hit the Internet and this article provides and presents several promising anti-botnet defense strategies that specifically target current and emerging trends.

BT