
State of Application Security Report – Financial Services Edition

Application security-focused company Arxan has created some pretty neat infographics summarizing the State of Application Security. They have reached out to me for a review; I found the infographic, along with the corresponding detailed reports which outline the summary, methodology, findings, and recommendations, quite an effective yet precise overview of the state of appsec. Forty-one percent of mobile…


State of the IoT Security

In a recent podcast by Scott Hanselman and Erica Stanley, an Internet of Things (IoT) primer, the guest mentioned how security is being treated as an afterthought for most things IoT. This is unfortunately true in various areas of software development; but especially with the unprecedented growth of IoT, this laxity in providing security standards will fast…


Resolution for the group's SID could not be resolved Error

I have recently encountered the following error when enumerating through the UserPrincipal.GetAuthorizationGroups collection: System.DirectoryServices.AccountManagement.PrincipalOperationException: An error (1301) occurred while enumerating the groups. The group's SID could not be resolved. The problem was the introduction of the domain controller running Server 2012 while the machine running my application was a Win7 VM (applies to Win2K8 as well). With little…


Presentation on Exploring 'Distributed' in DDoS

Exploring Distributed in DDoS - Social Engineering aspects of an 'Anonymous' style DDoS attack. Recorded 24 April 2013. Abstract: With the proliferation of social media and mobile devices to the masses, protecting against distributed denial of service attacks has become an arduous technical challenge. Even though we expect much more sophistication, research reports show that majority…


Slides from 11th Annual SecureIT conference - “OWASP Web Services Security - Securing your Service Oriented Architecture”

I recently spoke at the 11th SecureIT conference on "OWASP Web Services Security - Securing your Service Oriented Architecture". This annual event was hosted by UC San Bernardino at the Sheraton Fairplex Hotel. The SecureIT Conference provides focus and opportunities to higher education staff meeting the challenges of providing a secure information technology environment for campus communities. The…


Notes from my SF.NET Developers user group talk

I spoke to The San Francisco .NET Developers User Group last week on the topic of Practical Web Application Security with ASP.NET / MVC. Following are some of the links from my talk. For additional links, please see my earlier talk Resources – talk @ 10th Annual SecureIT conference Home/MVC/Overview/Chapter 7. Security Security Extensibility in ASP.NET 4 (This…
