Friday 25 March 2011

Winston Churchill on Passwords

Winston Churchill quote on passwords:

"It has been said that the password is the worst form of authentication except for all the others that have been tried."

OK. He didn't say that (as far as I know). I paraphrased him slightly. Here is the alleged original quote:

"It has been said that democracy is the worst form of government except all the others that have been tried."
http://www.quotationspage.com/quote/364.html


Tuesday 22 March 2011

Tuesday Top Tip - Penetration Testing

Most companies use application penetration testing towards the end of the development life cycle in order to identify security vulnerabilities. This can be a problem - especially if you had not thought about security earlier in the development process.

What do you do if the pen test throws up major security issues?

If it's late in the development cycle, then these issues will be expensive to address. So you are more inclined to ignore them. That could leave you vulnerable.

Have you been in a position where a serious SQL injection vulnerability has been discovered two days before product launch? What to do? You know it would have been fairly simple to address if it had been discovered a lot earlier - but now it's not so simple.

So here are some Tuesday Top Tips:
  1. You should think of application pen testing as a way to confirm that all your planned security measures have been implemented properly during the earlier development phases.
  2. Try to do some pen testing as early as possible in the development. If you discover issues, they should be less expensive to address - and you can integrate the lessons learned into the rest of the development.

All this assumes that you have integrated security into the development lifecycle.


Wednesday 16 March 2011

Twitter Supports SSL

Twitter now supports SSL. Unfortunately, like Facebook, you have to opt in. You can set it using the "HTTPS Only" setting under your Account options.

TWITTER

  1. Select "Profile" and then "Edit Your Profile".
  2. Down towards the bottom of the page you will see "HTTPS Only".
  3. Check the "Always use HTTPS" option.
  4. Select "Save" to store your settings.

Do it now - you know you should!

.....AND DON'T FORGET FACEBOOK

To configure SSL in your Facebook account:
  1. Select "Account" and then "Account Settings"
  2. Select "Account Security"
  3. Under "Secure Browsing (https)" check the "Browse Facebook on a secure connection (https) whenever possible" option
  4. Select "Save" to store your settings.

.....AND IF YOU ARE DEVELOPING YOUR OWN WEB/ONLINE APPLICATIONS

Configure your website so that it uses SSL. Your users will thank you. Actually they won't...but you can feel smug.
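As an added example (not from the original post), this is what "uses SSL" looks like from the application side once a certificate is in place: a small WSGI wrapper that sends plain-HTTP requests to the https:// version of the same URL and, on HTTPS responses, adds a Strict-Transport-Security header so browsers keep using HTTPS afterwards (the HSTS header goes a step beyond what the post describes). The `hello_app`, `run_request` driver and the `example.test` host are constructed for the example.

```python
from urllib.parse import quote

HSTS_MAX_AGE = 31536000  # one year, in seconds


def https_only(app):
    """Wrap a WSGI app: redirect http:// requests, add HSTS to https:// responses."""

    def wrapped(environ, start_response):
        if environ.get("wsgi.url_scheme") != "https":
            host = environ.get("HTTP_HOST") or environ["SERVER_NAME"]
            path = quote(environ.get("PATH_INFO", "/"))
            query = environ.get("QUERY_STRING", "")
            location = "https://" + host + path + ("?" + query if query else "")
            start_response("301 Moved Permanently",
                           [("Location", location), ("Content-Length", "0")])
            return [b""]

        def start_with_hsts(status, headers, exc_info=None):
            # Only send HSTS over HTTPS; browsers ignore it on plain HTTP anyway.
            hsts = ("Strict-Transport-Security",
                    "max-age=%d; includeSubDomains" % HSTS_MAX_AGE)
            return start_response(status, list(headers) + [hsts], exc_info)

        return app(environ, start_with_hsts)

    return wrapped


def hello_app(environ, start_response):
    # Constructed stand-in for a real application.
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello"]


def run_request(app, environ):
    """Minimal WSGI driver for offline testing: returns (status, headers, body)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = headers

    body = b"".join(app(environ, start_response))
    return captured["status"], dict(captured["headers"]), body


secure_app = https_only(hello_app)


def http_environ():
    # Constructed request arriving over plain HTTP.
    return {"wsgi.url_scheme": "http", "HTTP_HOST": "example.test",
            "PATH_INFO": "/login", "QUERY_STRING": "next=%2Fhome",
            "REQUEST_METHOD": "GET"}


def https_environ():
    # Constructed request arriving over HTTPS.
    return {"wsgi.url_scheme": "https", "HTTP_HOST": "example.test",
            "PATH_INFO": "/", "QUERY_STRING": "", "REQUEST_METHOD": "GET"}


if __name__ == "__main__":
    print(run_request(secure_app, http_environ()))
    print(run_request(secure_app, https_environ()))
```

One caveat when you deploy this: if TLS is terminated at a load balancer or reverse proxy, the application sees `wsgi.url_scheme` as `http` for every request and would redirect in a loop, so the proxy must pass the original scheme through (typically via a forwarded-proto header) and the wrapper must be told to trust it from that proxy only.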
