|
 |
divendres, 19 / gener / 2007 |
|
|
[InformationWeek] Review: Six Rootkit Detectors Protect Your System. Els detectors són els de F-Secure, IceSword, RKDetector, RootkitBuster, RootkitRevealer i Rootkit Unhooker. Especialment interessant les conclusions:
The rootkit detection tools out there right now seem to break down into two basic categories:
- Professionally written tools, which seem to be mostly marketed as a way to get people to buy a full commercial product.
- Independently authored tools of broadly varying pedigrees and usability.
Ironically enough, it was one of the independent tools — Rootkit Unhooker — that turned out to be the best. I'm not sure that means the big vendors will see them as competition, though, since the indie-written tools clearly are meant for self-appointed pros.
If rootkits continue to proliferate and become as difficult to detect as is predicted to happen, that will be yet another selling point for the major security-software makers to market their own products. But it also will be an incentive for the indies to continue to write and update their tools for their own market, too.
|
  | 20:26 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
[SearchSecurity] Use threat modeling to improve Web application security and business profits
Threat modeling not only raises security awareness amongst developers, but also makes application security an integral part of the application design and development process. It is a great way to help an organization bridge the knowledge gap between information security and development professionals.
Performed during the application design stage, threat modeling identifies and evaluates the risks to an application. This involves categorizing which assets or sensitive information the application accesses in order to identify potential threats to the application. The end result is ideally a reduction in the number of vulnerabilities that make it through to the release version. Also, since the cost of addressing security issues increases as the software design life cycle proceeds, threat modeling not only helps create better products, increases customer confidence in your applications, but also benefits the bottom line.
|
| 20:22 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
© Copyright 1996-2007 Xavier Caballe.  . Si no s'indica expressament el contrari, el material publicat en aquest weblog es distribueix d'acord amb la llicència Creative Commons. El contingut és responsabilitat única i exclusivament del seu autor i no té cap relació amb les seves activitats professionals.
|
 |
 |
 |
 |
Contingut actualitzat
Categories
Darrers comentaris
Arxiu
Contingut antic
(ja no s'actualitza)
Versions anteriors
d'aquesta pàgina
|
 |
 |
 |
 |
|
