auditing
40% of orgs doubt effectiveness of disposal procedures of old PCs
UK organizations aren’t certain that all data and settings are deleted from devices prior to disposal, say the findings of a recent survey by user and infrastructure …
Security code review tool Agnitio 2.1 released
Agnitio is an application security tool developed by David Rook to help further the adoption of the Principles of Secure Development and to bring more repeatability and …
Explore what ISO 27001 documentation looks like
Documentation is the core of your ISO 27001 implementation. A good set of documents will enable your employees to understand their obligations better while poorly written …
How to conduct an internal audit according to ISO 27001 and BS 25999-2
The key purpose of an internal audit is for an organization to find out if all the processes and activities are running as they are expected. An nternal audit is usually …
BackTrack 5 Wireless Penetration Testing Beginner’s Guide
Wireless technologies are inherently insecure and can be easily broken. BackTrack is a penetration testing and security auditing distribution that comes with a myriad of …
GlobalSign audit reveals only isolated web server breach
GlobalSign – the CA that has been named by the Comodohacker as also compromised and has stopped issuing certificates until it finished investigating these claims – …
Mozilla requests Firefox CAs to confirm they haven’t been compromised
As Google began notifying users that have been possibly affected by man-in-the-middle attacks through the use of the rogue SSL certificate issued by compromised CA DigiNotar, …
Cyber crooks misusing audit tool to breach VoIP servers
Every now and then, cyber criminals misuse “good” software in order to do bad things, and the latest instance of this modus operandi has been spotted by NSS Labs …
WebSurgery: Suite for security testing of web applications
WebSurgery is a suite of tools for security testing of web applications. It was designed for security auditors to help them with the web application planning and exploitation. …
Virtualized scanners and report customization for security assessment
Qualys announced a new edition of the QualysGuard Consultant service, featuring virtualized scanner appliances (vScanners) and a report customization module. The new edition …
Faster password hashes cracking based on the DES algorithm on CPUs
Openwall released an updated version of John the Ripper, a password security auditing tool and open source project, providing the community with improvements in the …
Qualys recertifies its cloud computing FDCC auditing service
QualysGuard is recertified for FDCC compliance by NIST as conforming to the Security Content Automation Protocol (SCAP) and its component standards. The QualysGuard FDCC …