Vulnerability Management - Not Just Off the Shelf

by Fred Pinkett on January 26, 2011

The problem of standard vulnerability management is well known: Windows patches come out the second Tuesday of every month, and then it’s a scramble to figure out which ones have to be applied to which systems and whether they will affect operations. The same is true on other operating systems, only on a less predictable schedule. More recently, the same has become true of applications from desktops to servers, Adobe to Zimbra and everything in between, each with its own set of patches, schedules, and vulnerabilities. Your vulnerability management process and patch management tools or vendor updates may take care of these, but what about the vulnerabilities in your web sites and custom or customized applications?

This has become an analogous process, but with a painful twist. Static and dynamic analysis tools scan custom applications for vulnerabilities but leave you with three problems:

  1. False Positives
  2. Too Much Data
  3. Not Enough Information

How can you have too much data and not enough information? The data is the overwhelming number of findings that seems inevitable. The information needed is the realistic prioritization of what’s real and critical and what’s not. Usually this has to be done one by one since, unlike known vulnerabilities, these are more general and pertain to your specific application. Unfortunately, there are often too many to handle, and the vulnerability management process for these applications stalls, leaving critical applications and data open to attack.

The only way to lessen the load is to get to root cause and reduce the number of application vulnerabilities in the first place, as well as give developers the guidance to fix the ones already there. The good news is that this can be done. Defensive coding can be taught to development staff to prevent vulnerabilities, and Security Innovation provides cost-effective e-learning and guidance to make it happen. We’ve helped technology companies and internal IT application developers alike make a big difference in their application development process. If you’re interested, here’s how to find out more.

Topics: application security, application risk & compliance
