Posts filed under 'Awareness'

SecuriTRAINED! Be Aware, Be Skilled, Be Certified in Security

What does it mean to be SecuriTRAINED?

Step 1 – Follow Chinese War Strategist Sun Tzu’s advice in the “Art of War”, “Know Thyself”, a.k.a. Be Aware
Step 2 – Follow Queen Elizabeth II’s advice on “Training” and Be Skilled
Step 3 – Follow Goethe’s advice that “Knowing is not enough, we must apply” and Be Certified

Resource Link – AT&EC Security Solutions Datasheet by SecuRisk Solutions
To be SecuriTRAINED is to Be Aware, Be Skilled and Be Certified in Security …

Aug 13, 2008

Being Unwired, Yet Secure!

Managing Security Risks in a Wireless World …

May 8, 2008

Diagnosis: TMI Syndrome; Patient: Your Web App

If the presentation of information is not properly protected, Web applications can suffer from TMI Syndrome (TMIS). When Web applications suffer from TMI Syndrome, they divulge more information than is necessary, unsolicited or otherwise. Not too wise …

May 8, 2008

The Road Less Traveled – Software Security from Shakespeare, Jungle Book and Nature …

What do you think Shakespeare had to say about Software Security? What does a naked motorist have to do with Confidentiality? What does the Jungle Book character Baloo have to say about Security Essentials (The Bear Bare Necessities of Life security)? What does the African Wildlife have to do with Security Concepts? What does pH have to do with Security? And more …

Apr 29, 2008

SD3LC – Secure By Design, Development & Deployment @ TRISC

In the current day and age, the chief drivers for software development projects are meeting business requirements and deadlines. Security is generally an afterthought for software development projects. Incorporating security from inception is more cost effective. This session will address the various security controls and activities associated with each phase of the software development lifecycle (SDLC). The controls and activities include, but are not limited to: modeling use/abuse cases, threat modeling, security code review, security testing, etc.

Apr 29, 2008

(ISC)²® Launches Online Self-Assessment Tool For Information Security Professionals

Excerpt from the official press release (Jan 29, 2008)

(ISC)²® (“ISC-squared”), the non-profit global leader in educating and certifying information security professionals throughout their careers, today announced the launch of a new online self-assessment tool known as studISCope (pronounced “study scope”). The tool aims to enable security staffs and individuals to assess their knowledge of the (ISC)² CBK®, a taxonomy of information security topics that serves as the foundation for all (ISC)² certifications.

“studISCope is beneficial to both certification candidates and employers,” said Eddie Zeitler, CISSP, executive director of (ISC)². “It helps candidates focus their study efforts more precisely and enhances their comfort level prior to sitting for the official certification exam.”

For more information, read the entire press release at https://www.isc2.org/PressReleaseDetails.aspx?id=1316
For more information about studISCope and current promotions go to https://www.isc2.org/studISCope

Feb 9, 2008

Two Application Security Catalysts – SQL Injection & Cross-site Scripting (XSS) @ Burton Group Catalyst EU 2007

Two of the most prevalent application attacks in this day and age are SQL Injection and Cross-Site Scripting (XSS). Perimeter defense devices such as intrusion detection systems (IDS) and firewalls offer no protection against such attacks. The risks of sensitive information theft, alteration and insertion of data, along with other effects such as URL redirection, website defacement and authentication theft, are high and will be demonstrated. This session would demonstrate the effects of SQL Injection and XSS attacks and provide insight into the control measures to successfully mitigate the risk against such attacks. It will also provide insight into the different process control measures that are necessary across the systems development life cycle to harden the code from within, so that such susceptibilities are addressed. Session takeaways include a complete understanding of the anatomy of SQL Injection and XSS attacks, their effects when exploited and the mitigation control measures to stop SQL Injection and cross over XSS.

Nov 26, 2007

(ISC)² Official CISSP Practice Exams and (ISC)² Official SSCP Practice Exams

(ISC)² is dedicated to creating new value-added services for its prospective and more than 50,000 current members worldwide. One of the most exciting of these is studISCope, our online self-assessment tool that helps candidates assess their knowledge of the CISSP or SSCP CBK®. Together with our partner, Express Certifications – a company renowned for developing innovative testing and training techniques – (ISC)² can now maximize your learning experience and focus your study efforts more precisely along whichever information security career path you choose.

Oct 11, 2007

