Security Acts Magazine Issue 1 released

Security Acts takes on the challenge of producing a high-quality magazine for professionals in IT Security, made by and issued for the people involved in IT Security. This online magazine is free of charge and will finance itself through adverts.

In this 1st issue

AJAX makes applications more difficult to secure
by Manu Cohen

AJAX is the new hot technology concerning web applications. It allows the client to do much more than before and have a much better user experience.

An Overview of Software Supply Chain Integrity
by Paul Kurtz

Commercial software underpins the information technology infrastructure that businesses, governments and critical infrastructure owners and operators rely upon for even their most vital operations.

The Science of Secure Software
by Prof. Dr. Sachar Paulus

Lately, a number of scientist colleagues and myself were preparing a proposal for a project that will hopefully be funded by the EU commission. The project proposal was about measuring security.

Practical Application Security
by Manu Cohen

Application Security is a problematic subject. It is a non-functional requirement, so it cannot be presented to a customer, and it is expensive. The management feels that money is being spent without tangible results, and the developers feel that security is a pain so they will do anything to avoid it.

International Secure Software Engineering Council (ISSECO)
by Petra Barzin

Security concerns at the application level are a growing risk to the IT community and one of the biggest challenges for IT security in the next years. Security vulnerabilities are not limited to a few products, but affect almost all vendors and products available on the market.

The Liability of Software Producers and Testers
by Julia Hilterscheid

A recent decision taken by the German Federal Court of Justice regarding the liability of a freelancer working for a company indirectly but effectively reverses the principles relating to the liability of software producers and testers that had been applicable so far. If certain services or insufficiently tested products cause damage to the customer and require that the customer’s employees rectify this during their regular working time, the customer can now hold the causer(s) of the damage liable with a greater chance of success.

The Human Face of Security - #1
by Mike Murray

“It’s The People, Stupid”
Information security is an interesting field to work in. At some point in its history, the term “information security” came to be synonymous with “computer security”, and the large majority of the field became staffed with computer geeks.

Software Supply Chain Integrity in SAP Applications
by Sebastian Schinzel, Gunter Bitz, Andreas Wiegenstein, Markus Schumacher & Frederik Weidemann

Today’s companies store and process their business assets, or at least critical information related to their business assets in large software systems. Therefore, strong access controls should be incorporated in order to protect those software systems.

Business Logic Security Testing and Fraud
by James Christie

Is security testing about the technology or the business?
When I started in IT in the 80s, the company for which I worked had a closed network restricted to about 100 company locations with no external connections.

A Risk-Based Approach to Improving Software Security
by Rex Black

If you are a software tester, software developer, development or test manager, or any other software professional concerned with quality and security, you probably know that developing secure software is no longer simply desirable—it’s completely essential.

Demystifying Web Application Security Landscape
by Mandeep Khera

U.S. Government passes the stimulus package and includes $355M for cyber security. Hacking against Government sites including electric grid intensifies. New regulations for privacy are being passed or proposed across Europe, Asia, and Americas (http://lastwatchdog.com/senate-bill-mandates-strong-federal-role-internet/).

Security Testing by Methodology: the OSSTMM
by Simon Wepfer & Pete Herzog

Security tests are an important part of the risk management process and executives realize the benefits of an independent security test: It introduces a neutral view on the target and can improve security when the proposed sensible measures are successfully applied. But there are often also questions to answer after such an audit.

Application Security Fundamentals
by Joel Scambray

As the importance of security continues to dawn on the Software Industry 2.0, organizations of all sizes are trying to discover what constitutes software security “due care” for their customers.

How to conduct basic information security audits?
by Nadica Hrgarek

Managing information security has become more complex, and the number of internal and external security threats is increasing. Conducting an information security audit makes good business sense: it assesses threats and security risks to information systems, helps develop risk mitigation strategies, and ensures that identified security risks remain within acceptable levels.

Very interesting articles and magazine. Please subscribe here to get notified about the next issues.

Post scriptum