Tag Archive

DeepSec 2014 Talk: Cloud-based Data Validation Patterns… We need a new Approach!

Published on October 28, 2014 By sanna

Data validation threats (e.g. sensitive data, injection attacks) account for the vast majority of security issues in any system, including cloud-based systems. Current methodology in nearly every organisation is to create data validation gates. But when an organisation implements a cloud-based strategy, these security-quality gates may inadvertently become bypassed or suppressed. Everyone relying on these […]

DeepSec 2013 Talk: Static Data Leak Prevention In SAP – The Next Generation Of Data Loss Prevention

Published on September 20, 2013 By lynx

Once you use information technology you will have to worry about leaks. Applications can leak data when attached to the network (any network!). That’s no breaking news, but it might be bad news for you and your data. Fortunately there is good news, too. There is a talk by Andreas Wiegenstein about ways of data […]

Cloud Security Promises out of thin Air

Published on May 15, 2012 By lynx

The „Cloud“ is a wonderful link between the BYOD disaster, data loss and broken security promises. Yet users of all kinds are lured into the web interfaces with eye candy. The German IT magazine Golem.de has published an article about the cloud security study of the Fraunhofer Institute for Secure Information Technology SIT. Researchers have […]

Getting your Perception right – Security and Collaboration

Published on January 29, 2012 By lynx

If all security-related events were not connected and could be analysed with a closed system in mind, getting security measures right would be much easier. Technicians will probably yawn at this fact, but networks connect a lot of different stuff (think „series of tubes“ and many points between them). In turn this means that you […]

Talk: The Security of non-executable Files

Published on October 27, 2011 By lynx

Recent security incidents push the imagination of some people to the limits. On today’s menu are U.S. Government satellites (done before albeit with a different vector), insulin pumps, automatic teller machines, smartphones linked to cars, and even vending machines in wilderness resort parks. What’s next? Executing code by the use of postcards or printed newspapers? […]

Talk: Data Exfiltration – not just for Hollywood

Published on June 18, 2011 By lynx

Iftach Ian Amit discusses infiltration of networks and exfiltration of data. Imagine you have completed the infiltration, data targeting and acquisition phase. You have secured the data you were looking for. Now what? How do you get „your“ data out of highly secured environments? You need to avoid data loss protection (DLP) tools, avoid IPS/IDS, avoid […]