My published articles will be here as soon as I get around to updating this.
Web Services Security: REST vs. SOAP
PenTest Magazine Extra, June 8, 2012
Creating a web service these days is fairly simple and routine; however, careful consideration should be given to which type of web service you will use and how you will secure it. Utilizing an insecure web service can wreak havoc within your company or organization if you end up exposing sensitive information to attackers or curious people.
Debate: Identifying culprits behind Koobface disrupts the gang's activity
SC Magazine, May 1, 2012
Russia has been known to be a haven for hackers for the past decade or more. However, things have changed. With President Dmitri Medvedev in office, Russia's law enforcement response toward cyber crimes and the criminals behind them has been bolstered. On top of this, Russia and the Commonwealth of Independent States, an association of nation-states with a vested interest in Russia and the region, have banded together and are working toward a strategic partnership in combating cyber crime. Russia is spearheading this movement with coordination by Rashid Nurgaliyev, the minister of the Russian Ministry of the Interior and Cyber Crime Prevention Department.
SCADA Security for Critical Infrastructure
PenTest Magazine: Auditing & Standards, July 12, 2012
The first step towards securing SCADA systems (aside from JFK’s 1963 memorandum establishing the National Communications System (NCS)) was Reagan’s 1984 Executive Order 12472, Assignment of National Security and Emergency Preparedness (NS/EP) Telecommunications Functions. In short, some of the more important NS/EP requirements include: enhanced priority treatment for voice and data services, secure networks, restorability, international connectivity, interoperability, mobility, nationwide coverage, survivability, voice band service in support of presidential communications, and scalable bandwidth.
Trapping Bears While Floating Like a Butterfly and Stinging Like a Bee
PenTest Magazine Extra, September 18, 2012
We understand what honeypots are, how they can be used to create a honeynet, and how to implement them; we need to keep in mind that, if not deployed properly, they can create a high risk to your production environment, and due diligence should be exercised when planning and deploying honeypots.