Most Popular Posts

This comes as 101st Post for this blog and I thought to compile list of most popular posts I have had here on the blog.

Credits to Google Analytics for the stats. :)

Here goes the list:

Virtualization : Is it Secure?

Big B Watching or Is this Intrusion of Privacy?

How to Build Secure Software

Free Web Proxy List

Hacking Web Applications – Truly Simple

Using IT to Combat Money Laundering

Westside in Mumbai stores your credit card numbers..

Get into pay sites for free as a Googlebot

Thick Client Application Security

Guarding Against Credit Card Frauds

Can Security be incorporated in the Computer Science & IT courses?

Security Concerns in Web 2.0

Leading Change

Google Hacking

Managing Account Lockout

Clear Text Secrets

Mitigating XSS Attacks in ASP.NET Apps

SQL Injection in Stored Procedure

You can be arrested for using free Wi-Fi

Using Google to View MySpace or Any Restricted Site

Online Banking Security

Web Services Design Security Considerations

Perspective of Performance and Security in IT

Design Considerations for Security

Download everything from Microsoft without WGA Check

What is STRIDE

The weakest link in the security chain? You

Information Systems Security Assessment Framework (ISSAF)

ASP.NET __VIEWSTATE issues

Read More

Developing Software Security Requirements

Software Security Requirements Engineering

Users may not be totally aware of the security risks, risks to the mission, and vulnerabilities associated with their system.

Commonly Used Techniques for Capturing Security Requirements can be broadly categorized as a top-down or a bottom-up analysis of possible security failures that could cause risk to the organization.

1. Fault Tree: Analysis for security is a top-down approach to identifying vulnerabilities. In a fault tree, the attacker’s goal is placed at the top of the tree. Then, the analyst documents possible alternatives for achieving that attacker goal. For each alternative, the analyst may recursively add precursor alternatives for achieving the subgoals that compose the main attacker goal. This process is repeated for each attacker goal. By examining the lowest level nodes of the resulting attack tree, the analyst can then identify all possible techniques for violating the system’s security; preventions for these techniques could then be specified as security requirements for the system.



2. Failure Modes and Effects Analysis (FMEA) is a bottom-up approach for analyzing possible security failures. The consequences of a simultaneous failure of all existing or planned security protection mechanisms are documented, and the impact of each failure on the system’s mission and stakeholders is traced.

Other techniques for developing system security requirements include threat modeling and misuse and abuse cases.

Read More