This afternoon, the OWASP Belgian Chapter organized its annual Benelux Day in Leuven. The event started around 12:30 with a great initiative: a workshop based on WebGoat. This is an OWASP project which maintains an insecure web application (based on Tomcat) used to teach web security. The proposed lessons cover
Category: Security
InfoSec + Physical Security = Security Convergence
Today, all organizations must take care of security. Not all of them have the same amount of data to protect or the same level of confidentiality, but they all have to implement a security policy. If it’s rather easy to implement a security perimeter to protect against the Evil Internet, internal
SHODAN, The Computer Search Engine
Search engines are well-known online tools. But not only websites can be indexed. There are plenty of search engines to find multimedia content, news and more. A new one is born: SHODAN. From the quick guide: “SHODAN lets you find servers/ routers/ etc. by using the simple search bar up
You’ve a SIEM? And Now?
“Log Management”, “SIEM”, “Correlation”, “Incident Management”: more and more organizations have a SIEM project in the pipeline. SIEM means “Security Incident & Event Management”. Just to remind you, a SIEM is a set of tools which helps to collect and analyze logs from several sources on a corporate network. Basic
What’s Behind Microsoft COFEE?
It was announced a few days ago: Microsoft COFEE has been leaked onto the wild Internet! Microsoft COFEE stands for “Computer Online Forensic Evidence Extractor”. This “forensic Swiss Army knife” is available for free to police forces around the world to conduct official forensic investigations. Note: It’s reportedly illegal for
Listen to EuroTrashSecurity
EuroTrashSecurity goes live for the first episode! The story is quite simple: a bunch of European security professionals thought there was not enough information about the security landscape in Europe. There are already plenty of excellent security podcasts but all of them lack stories happening on the old continent.
“Kill-A-Zombie Day” Today
It’s Halloween! A security company developing antivirus solutions launched some cool propaganda related to the Halloween theme (monsters, zombies, etc.): the “Kill-A-Zombie” day! Every computer not properly protected risks becoming a “zombie” and being part of a botnet. Security awareness campaigns are always good initiatives. What could
Does Using “Public” Transport Mean Having Our Information “Public”?
At the beginning of this year, there was a small buzz in the Belgian security landscape about an RFID card (the BMC – “Belgian Mobility Card”) being introduced by the company in charge of public transport in Brussels (previous article here). A few months later, what changed? Almost nothing! If the
Express Check Out: Gain Time or Gain Safety?
Today is the last RSA Conference day in London. This morning, when I opened my room door, I was surprised to find an envelope lying on the ground. It contained two pages: one with all the details of my bill and the second one was a form to fill in: First
Keep an Eye on Dormant Virtual Machines
Virtualization has been a hot topic for a few years. All organizations, from the smallest to the largest, benefit from virtualization: easy deployment of new servers, test labs, relocation (DRP & BCP), optimization of resources and much more. And what about security? How to integrate your virtual servers into your security