Blog Archives

CionSystems – Change Notifier

August 6, 2010
By admin

IT professionals who work with Active Directory know this can be a very beastly experience. However, what’s troubling is change management for managed and unmanaged changes. It is imperative for IT professionals to know the changes that are happening to Active Directory, for example administrator group membership, account creation and deletion, and so on...


Road Map for an Application/Software Security Architect (Part 6)

April 9, 2010
By admin

So, the application designer has disclosed that the solution for the web services being designed will involve the (1) need to authenticate; (2) need to determine levels of authorization; and (3) need to have some personalized data be carried forward to the application. If you, as the security architect involved...


Road Map for an Application/Software Security Architect (Part 5)

April 9, 2010
By admin

Without a Digital Identity, how would you expect to do any authentication? And with an incomplete Digital Identity, how would you expect to get the authorization done correctly? Without the proper data model and the expectation that it would have the correct data (besides being in the right place at the right time), securing...


Road Map for an Application/Software Security Architect (Part 4)

April 9, 2010
By admin

Planning your application’s use of the digital identity is not an after-thought of system architecture. At the least, it might offer the occasional lack of reliable and conflicting information. At the worst, it provides little, if any, protection at all. And like the proverbial little Dutch boy, you will be putting fingers in the...


Road Map for an Application/Software Security Architect (Part 3)

April 9, 2010
By admin

Risk assessment for application software is not a matter of a quick penetration test nor a matter of code reviews at a single point in time. It is a process of moving through the application/solution’s Software Development Life Cycle (SDLC) and evaluating the results of the controls that are put in place at each...


Road Map for an Application/Software Security Architect (Part 2)

April 9, 2010
By admin

Vulnerability testing at the acceptance stage of an application’s Software Development Life Cycle (SDLC) will not compensate for the lack of an understanding of what is being done during the software development even though you may not have control over the development efforts. You need a plan that puts those controls in place and...
