Software Integrity Blog

Author Archive

Sakthi Mohan

smohan

Sakthi Mohan is a security consultant at Synopsys. She recently received her master's in computing security from Rochester Institute of Technology. Sakthi is an emerging security professional specializing in architecture risk analysis, Web application security, and network security.


Posts by Sakthi Mohan:

 

A primer on protecting keys and secrets in Microsoft Azure

Supporting data confidentiality, including encryption keys and certificates, is a critical task. In cloud-hosted workloads, the requirements are even more complex as different actors need to mediate access to sensitive material. According to the Ponemon Institute’s 2015 Cost of Failed Trust Report, “Security professionals believe that, over the next two years, the risk facing every Global 5000 from attacks on keys and certificates is at least $53M.” The report also notes that “54 percent of organizations admit to not knowing where all keys and certificates are located, which means they do not understand how they are being used or what should be trusted.”

Continue Reading...

Posted in Cloud Security | Comments Off on A primer on protecting keys and secrets in Microsoft Azure

 

5 security industry buzzwords we love to hate

Computing security is an interesting space. One of the main aspects that makes it interesting is that there are many security terms that are ambiguous. With some words, we have no idea why we’ve come to use them! While these buzzwords aren’t going away any time soon, here is a list of buzzwords that most of the security industry loves to hate: 100% Secure Your security is only as good as your weakest link. It’s obvious to the current security world that there is no such thing as 100% secure. However, some organizations guarantee on their website that they are indeed 100% secure. This may seem like a good marketing strategy to attract customers who may not know much about security. It’s also asking for trouble when security professionals notice a claim like this. It is best to steer clear of this term. Hacker When we think of a hacker by that name, a criminal computer nerd comes to mind. You know, the dark shadowy figure in a hoodie that’s sitting behind a fancy laptop. The same figure who steals bank account details with the intention of reeking high-tech havoc.

Continue Reading...

Posted in Cloud Security | Comments Off on 5 security industry buzzwords we love to hate

 

The greatest security vulnerability: Humans

In the security industry, we hold the following words near and dear to our work:

Continue Reading...

Posted in General | Comments Off on The greatest security vulnerability: Humans

 

Vulnerability assessment tools to strengthen your web AppSec stance

A good application security program includes a combination of various secure processes, practices, and different tooling options. Choosing the appropriate vulnerability assessment tools should always be the first step in assessing your web application security. These tools help prioritize vulnerabilities based on severity and report the vulnerabilities to allow for a systematic remediation process. Additionally, there are many tools available to choose from. From freeware to open source and commercial tooling options, finding the right tools to serve your purpose can become daunting. Choosing the right vulnerability assessment tools Here are the basic features to look for when choosing suitable vulnerability assessment tools:

Continue Reading...

Posted in Web Application Security | Comments Off on Vulnerability assessment tools to strengthen your web AppSec stance