Hello, is anybody aware of any existing reference that is providing an updated overview of the current international standards on the Application Security topic?
Thanks in advance
Gioffry | 5/16/2013 5:15:06 AM | COMMENTS(0)
|
Would anyone have a research paper or best practices for Dynamic Analysis Remediation?
· If you fix XSS (cross-site scripting), you’re likely to also fix X vulnerability. Or if you fix Trust Boundary Violation, you’re likely to also fix Y vulne...
|
Can anyone recommend suitable freeware Application vulnerability assessment tools which can be used to assess applications such as accounting software?
|
U.S. industries spend billions of dollars each year securing their information technology (IT) assets. In spite of this investment, organizations still suffer significant economic losses from cybersecurity incidents. The possibility of catastrophic attacks...
|
I hope all is well. I have a question. How do I generate a manual journal entry report in SAP that will include the journal entry amount and General Ledger account number? I need the command to be able to run this kind of report. I know you can use BKPF i...
Festus312 | 8/22/2011 8:11:00 PM | COMMENTS(2)
|
Geolocation technologies and the use of information acquired and disseminated by geolocation services are becoming pervasive in our society. This is changing the way we socialize, conduct business, and manage our personal affairs. ISACA recognizes the sig...
|
16 Sep 2013
ISACA International Event
London, England
Stay on top of the trends and opportunities of the dynamic technology industry at EuroCACS/ISRM 2013 in Berlin—the leading European conference for IT audit, assurance, security and risk professionals. Save over US $200 when you register by 22 July!
|
30 Sep 2013
ISACA International Event
Medellín, Colombia
The Latin America CACS/ISRM 2013 Conference in Medellín, Colombia is the leading Latin American conference for audit, risk and information security professionals. Save more than US $100 if you register before 7 August!
|
6 Nov 2013
ISACA International Event
Las Vegas, NV, USA
North America ISRM is a multidimensional event featuring security and risk content, and the security programs, tools and the resources you need to be responsive to industry changes.
|
Volume 3, 2013
by Dan Bogdanov, Ph.D., and Aivo Kalu, Ph.D., CISA
A cloud is a remote-access platform; thus, technical controls that remotely enforce a particular security policy are especially efficient.
|
Volume 6, 2012
by Rohit Sethi, CISSP, CSSLP, and Ehsan Foroughi, CISM, CISSP
SALM solutions offer the unprecedented ability to achieve auditable and scalable prevention-based application security.
|
Volume 4, 2012
by Jose Espin, CISA, CISSP, MCP, SAP
This article focuses on the application-level risk that arises from inappropriate implementation of access controls.
|
Volume 1, 2012
by Michael Mendelsohn, CISSP, Antoine Philipovitch, William Welch, CISM, and Robert Zanella, CISA
One of today’s big security marketing pushes is enterprise single sign-on (ESSO).
|
Volume 4, 2011
by Sivarama Subramanian, CISM
This article attempts to define metrics that measure the effectiveness of application security in an organization.
|
Volume 4, 2011
by Joel Scambray, Vincent Liu and Caleb Sima | Reviewed by Connie Spinelli, CISA, CFE, CIA, CMA, CPA
This book is an eye-opening resource for grasping the realities of today’s web application security landscape.
|
These links, which have been contributed by site users, link to external third-party web sites. ISACA has not evaluated these web sites and accepts no responsibility for their suitability, security or privacy practices.
For organisations that store, transmit or process credit card information, it is vital as they must be able to demonstrate compliance with the Payment Card Industry Data Security Standards (PCI DSS).
Contributed by ISACA on 30 Jun 2010
|
The CISO for the city of Portland, Ore., advises that every enterprise be aware of one must-have secure Web gateway feature before buying.
Contributed by ISACA on 30 Jun 2010
|
As cloud computing moves from marketing hype to reality -- real customers with real utilization -- it's increasingly important that information security practitioners understand the significant change in computing the cloud heralds and how that impacts enterprise risk.
Contributed by ISACA on 30 Jun 2010
|
The biggest security problem in the Web 3.0 world will be controlling state over time with a jungle of new syntax.
Contributed by ISACA on 29 May 2010
|
Companies are widening their security holes by haphazardly installing all the technological defenses they've purchased.
Contributed by ISACA on 29 May 2010
|
Details the creation of a small tool program which aids the operation of the Snort IDS in a dynamically assigned IP address environment.
Contributed by ISACA on 29 May 2010
|
A recent publication in a local newspaper indicated that an employee was charged with fraud with regard to claims of insurance payments that were lodged with the company and were paid out to people who were not entitled to receive such payments.
What po...
Posted By : Paulina.PNI | 1 comments
|
Study Groups for the JUNE, SEPTEMBER AND DECEMBER 2013 Certifications.
For those interested in taking the CISA and CISM certification exam, or for anyone who wishes to begin preparing for these or the upcoming exams, ...
Posted By : Alexander Osorio | 0 comments
|
According to the IBM System i (AS/400) security guide “system values represent the foundation upon which almost everything else is built. They allow you to customise many characteristics of your system. A group of system values is used to define system...
Posted By : Ian Cooke | 0 comments
|
In a typical AS/400 RPG / Cobol application, access is provided through the user's OS/400 profile.
OS/400 users may be retrieved using the DSPUSRPRF command (see http://publib.boulder.ibm.com/infocenter/iseries/v7r1m0/index.jsp?topic=%2Fcl%2Fdspusrprf.ht...
Posted By : Ian Cooke | 0 comments
|
During an audit you may find that shell scripts are used to connect to your Oracle database (these are often scheduled jobs). In many instances this represents a security risk as the Oracle database password is hardcoded into the script. This means th...
Posted By : Ian Cooke | 0 comments
|
Typically application access to a SQL Server database is via one of two methods.
Either all users access the same database using a single (proxy) user which is defined in an initialisation (.INI) file, registry etc.
Or the users access the database ...
Posted By : Ian Cooke | 2 comments
|