In my most recent post, I identified the direction and state-of-the-art in application security. We all know of the importance of application security in today's environments. However, finding out where to fit application security policies and programs [...]
Posted by Dre on Tuesday, July 28, 2009 in Security and Work.
This week, I was doing an internal penetration test for a client of a web service, which is used by applications loaded on kiosk machines around the country. I didn't have much time to do the test, so I had a couple of advantages, like having network access [...]
Posted by Marcin on Sunday, December 14, 2008 in Code, Security and Work.
Today I ran into a little setback for an issue I did not foresee. For the past several months, I've been on a PCI remediation project, of which one of my tasks was to implement a web application firewall to address PCI requirement 6.6. Now, for everyone [...]
Posted by Marcin on Thursday, November 20, 2008 in Security and Work.
Yesterday we celebrated tssci-security.com's two-year anniversary. I started this site on August 23rd, 2006 during my first internship, and oh my, how the time flew by. A lot of good things have come my way -- most as a direct result of this blog. The [...]
Posted by Marcin on Sunday, August 24, 2008 in Conferences, News, People, Security and Work.
We've been beating the drum for some time now, expressing our opinions of web application firewalls (WAFs). You might have sided with us on this issue, are against us, or are just tired of it all by now. This post is about to change all that, and show [...]
Posted by Marcin on Monday, June 23, 2008 in Defense, Security and Work.
We all know about the CISSP. You've heard the whispered hallway conversations. You've seen the business cards, the email signatures, and the government contract requirements. You might even know the secret handshake, or have the magical letters attached [...]
Posted by Dre on Thursday, June 19, 2008 in Security and Work.
So the other day I get a call from the forensics team at work asking for help with some packet analysis. A client's users had reported phishing activity, so they decided to run a full-content capture using Wireshark on the external and internal network [...]
Posted by Marcin on Monday, May 5, 2008 in Security and Work.
Taking care of business
Before I get into this post, I wanted to give you some updates on progress of other projects here at TS/SCI Security. First off, I've been working on the OWASP Evaluation and Certification Criteria Project and hope to announce [...]
Posted by Dre on Monday, March 17, 2008 in Hacking, Security and Work.
Office collaboration services look like 1985
Microsoft Outlook and Exchange server have been the staple for office collaboration for over 10 years, with a model that has been around since Novell and Lotus in the mid-80's. Collaboration services are [...]
Posted by Dre on Thursday, December 13, 2007 in Defense, Hacking, Security and Work.
An audit framework for evaluating structured security program frameworks
How many readers implemented a new security plan for 2006 or 2007? How many had clients that implemented a new security program? Which frameworks were involved? Possible frameworks [...]
Posted by Dre on Monday, December 10, 2007 in Defense, Hacking, Intelligence, Politics, Security, Tech and Work.
I love wikis. I've been working on a security portal at work and it just got so much better with the addition of embedded RSS feeds. With this extension, I've embedded the Security Whitelist and Aggregated Vendor and Security News Sites pipes on the [...]
Posted by Marcin on Wednesday, July 18, 2007 in Tech and Work.
So your DNS team sends you the company's entire domain name inventory in a CSV (comma-separated values) file. You're tasked with port scanning those hosts, to perform a network inventory, discover rogue services and other policy violations. It's simple [...]
Posted by Marcin on Monday, July 9, 2007 in Security and Work.
Several people in the corporate IT security group where I'm interning this summer have been working hard on creating a program to educate users on the company's acceptable use policies and some basic security awareness. They've done a great job and the [...]
Posted by Marcin on Tuesday, June 26, 2007 in Security and Work.
I started working on a project that has, no doubt, been done before. It's something no one has publicly posted information on and it's not new -- something everybody wants yet every vendor says is impossible. The problem with this project is it can't be [...]
Posted by Marcin on Saturday, June 2, 2007 in Security and Work.
(Continued from Consumerization of IT and state of the security industry and a reply to Low probability but a devastating impact.) After lunch, we broke up into several groups and I headed to the discussion on "next generation threat analysis," which [...]
Posted by Marcin on Thursday, May 17, 2007 in Security and Work.
Yesterday was a bit of a surprise for me: I met someone I never would have expected to meet, and who is an actual co-worker too. There were several talks today, focusing on the "consumerization" of IT, the state of the security industry from a Wall Street [...]
Posted by Marcin on Thursday, May 17, 2007 in Security and Work.
I've been too busy to blog this week and haven't had any ideas for any new topics. Tomorrow (Wednesday and Thursday) I'll be attending my company's internal security "conference" to discuss the issues and projects IT Security faces. I'm interning at this [...]
Posted by Marcin on Tuesday, May 15, 2007 in Security and Work.
Following a thread that has gotten some attention and even sparked some bloggers to tag each other with their own stories, I thought I'd post my own "how I got started." I'm twenty years old and my area of study since I graduated high school has been network [...]
Posted by Marcin on Wednesday, May 9, 2007 in School, Security and Work.
In a month, I begin a new internship for a Fortune 100 company. Having already spoken with a member of the security team, I can expect to be placed in one of four areas in IT security, including web application security and forensics/incident response. I [...]
Posted by Marcin on Thursday, April 26, 2007 in Security and Work.