-
Penetration test methodology: Creating a network pen testing agreement
Network pen testing can be very useful when it comes to detecting vulnerabilities, but it's important to work with the IT department to prevent network downtime. In this expert response, learn how to draw up pen testing rules of engagement for greate... Ask the Expert
-
Using fuzzing for internal application security testing
Superstar security researchers often use fuzzing to find flaws in major vendors' applications, and you can use fuzzers to find vulnerabilities during internal software development. Expert Michael Cobb explains how. Ask the Expert
-
Test a security architecture design without an IT security consultancy
While IT security consultancies can be helpful when trying to find flaws in an information security management framework, there are ways to do it without spending the money. Ask the Expert
-
Using application quality control tools for auditing applications
For auditing applications, most enterprises will find application quality control and assurance tools helpful. In this expert response, Randall Gamby details what types of tools there are and how they can help. Ask the Expert
-
How to choose the best IT security certification for pen testing jobs
Looking to get into the world of penetration testing, and you're not sure which certification might help? In this expert response, David Mortman explains how to know if pursuing a certification is right for your career. Ask the Expert
-
Does an EULA make it truly illegal to decompile software?
Michael Cobb explores a legal minefield: the legality of software decompilation. Ask the Expert
-
Should management processes change based on a patch release schedule?
Expert Michael Cobb explains why planned patch release schedules, though helpful, may alter the way you handle the deployment of your own updates. Ask the Expert
-
Verifying the security of software with static and dynamic verification
Secure software is critical to all businesses, and security verification is an important part of that process. In this expert response, learn the difference between static and dynamic verification of security in software engineering. Ask the Expert
-
The requirements needed to make an external penetration test legal
Rule number one of pen testing: Make sure you have permission in hand before you begin. But there's much more than this needed to perform a successful penetration test on a wireless network. Ask the Expert
-
Should static analysis be a part of the software development process?
When the cost of addressing security issues increases as the software design lifecycle proceeds, see why expert Michael Cobb says that using static analysis early on can benefit your bottom line. Ask the Expert