-
Archives
- August 2024
- January 2024
- December 2023
- September 2023
- July 2023
- March 2023
- August 2022
- January 2022
- October 2021
- October 2020
- May 2020
- March 2020
- November 2018
- September 2017
- October 2016
- December 2015
- September 2015
- January 2015
- November 2014
- July 2014
- April 2014
- March 2014
- December 2013
- November 2013
- October 2013
- September 2013
- July 2013
- June 2013
- May 2013
- April 2013
- March 2013
- November 2012
- October 2012
- July 2012
- June 2012
- April 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
-
Meta
Category Archives: Threat Modeling
Cyber Intelligence Universe
In recent years all “cyber” is fashionable, and intelligence applied to the cyber world could not be less! The concept of intelligence has an offensive meaning due to the use by intelligence and military agencies, but now too many security … Continue reading
OWASP Top Ten 2013 free workshop
Yesterday, July 17th, I taught a free workshop about the OWASP Top Ten 2013 which was published recently that describes the 10 most common vulnerabilities in Web applications. This free workshop is a collaboration between the Catedral de Innovación of … Continue reading
Posted in Security, Technology, Threat Modeling
Tagged Application Security, attack vector, OWASP, SDL, Software Security, VULNEX, Web Security
Leave a comment
AppSec: Build Rooted Detection in your App
For various reasons many Apps need to detect if the phone has been “rooted” and in this article will see different techniques for this purpose. Since it is common to see this type of questions in development forums, I thought … Continue reading
AppSec: Improve your software security with GCC Stack Protector Strong
The other day helping out a client to develop secure software it came to my mind that this topic could be of interest to my readers. Obviously this topic is quite wide, but in this article I will focus in … Continue reading
Posted in Pentest, Privacy, Security, Technology, Threat Modeling
Tagged Application Security, AppSec @en, attack vector, Compiler, GCC, Information Security, Linux, SDL, Software Security
Leave a comment
AppSec USA 2012: the experience
You know you are in Texas when you get out of the plane and hear country music through the airport and I was there indeed because the 25 and 26th of October the OWASP AppSec USA conference was taking place … Continue reading
Posted in Conference, Hacking, OWASP, Pentest, Privacy, SDL, Security, Technology, Threat Modeling
Tagged Application Security, Apps, Information Security, OWASP, SDL, Software Security, Web Honeypots
Leave a comment
AppSec: Static Analysis Using Visual Studio 2010 for Hunting C/C++ Bugs
[Español] Para este artículo hablaremos de una magnífica herramienta como es Visual Studio 2010, el entorno de desarrollo de Microsoft, que utilizo a diario para realizar auditorías de código en C/C++ o .NET. Cuando imparto clases sobre SDL es frecuente … Continue reading
Software Security Development Framework: Survival Guide
La seguridad en el ciclo de desarrollo de aplicaciones ya no es opcional, tiene que ser considerada como un elemento vital y crítico para cualquier tipo de producto ya sea una aplicación web, móvil, cliente, etc. sin ningún tipo de … Continue reading
Posted in Microsoft, OWASP, SDL, Security, Threat Modeling
Tagged Application Security, Information Security, Microsoft, SDL, Software Security
Leave a comment
Attack Surface Analysis Infinitum
En cualquier revisión de seguridad ya sea un test de intrusión, revisión de una aplicación web o de código fuente el Attack Surface Analysis (ASA) es una poderosa metodología que podemos utilizar para identificar los vectores de ataque del sistema. … Continue reading
Posted in Microsoft, OWASP, Pentest, SDL, Security, Threat Modeling
Tagged attack vector, Critical Infratructures, Information Security, Penetration Testing
Leave a comment
Microsoft Security Sites
ESP: Nadie puede negar el esfuerzo que dedica Microsoft a la seguridad aunque haya gente que no lo aprecie. Por eso voy a dedicar este post a sitios Web sobre seguridad de la compañía que mucha gente no conoce y … Continue reading
Posted in Microsoft, SDL, Security, Threat Modeling
Leave a comment