Home / Segmented / Development

Development

This section provides content of interest to professionals who handle different programming languages, development environments, tools to ensure security, code analysts and auditors, cryptographers, or specialists in reverse engineering and malware.

cryptographic web protocols

2014: The toughest year for cryptographic web protocols

Posted on 12/30/2014, by Santiago González (INCIBE)
Security errors SSL (along with its TLS evolution) is the most used cryptographic protocol in its different implementations to guarantee the confidentiality of communications on Internet. This is achieved by ciphering, via asymmetrical cryptography algorithms, the communications between the client (usually the user’s web browser) and the server it gains access to. When a website is shown using...
Tags: 
Cryptography
Vulnerability
SELinux

SELinux and Mandatory Access Control

Posted on 12/29/2014, by Antonio López (INCIBE)
In a previous article about basic access control mechanisms in systems security we introduced Mandatory Access Control (MAC) as a more accurate mechamism than basic access control. Now we are talking about of SELinux as an example of Mandatory Access Control.
Tags: 
Best practices
Linux
Vulnerability
Access denied

Basic Access control mechanisms in Systems Security

Posted on 11/27/2014, by Antonio López (INCIBE)
<p>In any IT system, especially if it’s multiuser, the access control of users and resources is fundamental for its security. That’s why it’s very important to have mechanisms that provide an appropriate segregation of privileges and user permissions, along with the administration of these and related elements.</p>
Tags: 
Best practices
Navaja Negra Conference

Merovingio: Deceiving Malware

Posted on 11/06/2014, by Adrián Pulido (INCIBE)
At the most recent Navaja Negra conference held in Albacete on 2, 3, and 4 October, I had an opportunity to present a tool that INCIBE has been working on for months. This tool, Merovingio is an applications analyser that determines whether these are legitimate or malicious.
Tags: 
Malware
Cybercamp logo

Cybercamp Security Challenges

Posted on 10/31/2014, by INCIBE
Among the activities INCIBE has organised for the CyberCamp event to find new cyber-security talents are a wide range of Security Challenges which you can take part in to find out what it is that really fires your inspiration. The challenges are made up of two stages, one online and the other at the event itself. You can take part in the online stage, which will be open from 7 to 16 November ...
Tags: 
Cryptography
Forensics
Safe development
Vulnerability
Cybercamp logo

CyberCamp: Show off Your Potential

Posted on 10/27/2014, by INCIBE
One of the activities included in the Plan for Trust in Digital Life (Plan de Confianza en el Ámbito Digital) is the celebration of an event aimed at focusing the interest of all audiences towards this discipline, so important in our daily lives. The venue, organised by INCIBE will take place from 5 to 7 December, 2014, and will be held in the Pabellón Multiusos I of Madrid. As we want this...
Tags: 
Cryptography
Forensics
Safe development
Vulnerability
OWASP Testing Guide v4.0.

OWASP Testing Guide v4.0. A Guide to Security in Web Applications

Posted on 10/15/2014, by Antonio López (INCIBE)
The OWASP Foundation has updated its safety guide development, OWASP 4.0. Work of free distribution of high quality and prestige is already a reference for developers and auditors in the development of secure web applications. The OWASP foundation updates His guide to web development security, OWASP 4.0.
Tags: 
Safe development
Abuse of DNS

Use and Abuse of DNS

Posted on 10/02/2014, by Antonio López (INCIBE)
DNS is a protocol present in almost all network communications and therefore very attractive as a tool of attack and / or distribute malicious software such as viruses, botnets and malware. In this article some both offensive and defensive strategies based on the use of DNS are briefly outlined.
Tags: 
Best practices
Data protection
Incident
Fingerprint

The issue of biometrics as an authentication method

Posted on 09/25/2013, by Antonio Rodríguez (INCIBE)
With the announcement of the new fingerprint sensor in the latest smartphone from Apple, the iPhone 5S, biometric sensors are again under scrutiny among information security professionals. Especially because the use of these technologies is becoming popular for consumer grade electronics, and its use use could become ubiquitous for something made to protect sensitive data, like information...
Tags: 
Best practices
Biometrics
iOS
Vulnerability

Pages