Stanford University - Cryptography Course, Completed.
I could not be more satisfied with that being completed. It has taken a lot of my time, and I was almost about to lose it, but I got through it with a great result. I am awaiting my certification by Dan Boneh.
This book I have gotten inspired by, and I am hooked! Now I'm getting back on track where my motivation comes in, and just swallowing it page by page.
I got inspired by some InfoSec guy, and I have been following him for some time. Although I decided to move on from Secrets and Lies to this one, since I did not find that book to be entirely in my interest! But I have to mention, sooner or later I will complete it :-) Just not ATM!
I find it most essential to study this e-book. The thing is, I'm starting at The Business Academy on the 24th of January 2013 - 2nd semester in Computer Science, and will probably not have that much time off to read, since there will most likely be a lot of challenges within the scope of 2013.
Mentally, I'm ready for the challenges and the unexpected, so I'll give it my 110%!
The website www.maxjensen.dk has recently been updated with a brand new design, because I felt there needed to be a bit more structure to my postings and the information I post on there. Disregarding that, one.com, my hosting company, allowed me to modify it on a Mac, which I am glad for! With the other website I had, I had to go onto my Windows computer and modify everything.
I will be posting my opinion about the book when I have finished reading it. Meanwhile I will sit back with a nice cup of coffee, and enjoy reading this!
The place I got inspired to read this book is listed below!
Resource link: http://www.t3rm1t.blogspot.dk/
-----------------------
- Authentication and authorization The best applications ensure that
authentication and authorization steps are complete and cannot be
circumvented.
- Mistrust of user input Users should be treated as "hostile agents": all data
is validated on the server side (client-side checks can be bypassed), lengths are
bounded before input reaches fixed-size buffers to prevent buffer overflows, and
markup and metacharacters are rejected or encoded to prevent injection. Stripping
tags on its own does nothing against overflows.
- End-to-end session encryption Entire sessions should be encrypted, not
just portions of activity that contain sensitive information. In addition, secure
applications should have short timeout periods that require users to re-
authenticate after periods of inactivity.
- Safe data handling Secure applications will also ensure data is safe while
the system is in an inactive state. For example, passwords should never be stored
in recoverable form: they should be kept as salted, slow hashes in the database,
and secure data segregation should be implemented. Improper implementation of
cryptographic components has commonly opened many doors for unauthorized access
to sensitive data.
- Eliminating misconfigurations, backdoors, and default settings A
common but insecure practice for many software vendors is to ship software
with backdoors, utilities, and administrative features that help the receiving
administrator learn and implement the product. The problem is that these
enhancements usually contain serious security flaws. Such features should
always ship disabled and require the customer to enable them, and all
backdoors should be removed from the source code entirely.
- Security quality assurance Security should be a core discipline when
designing the product, during the specification and development phases, and
during the testing phases. Vendors who create security quality assurance (SQA)
teams to manage all security-related issues are practicing due diligence.
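Three of the properties in the list above (server-side input validation, hashed password storage, and a short idle timeout) in runnable form. This is an added example written for this page, not code from the book being quoted or from the blog author; the length bound, the username character set, the 15-minute idle limit, the PBKDF2 parameters and the sample inputs are all assumptions chosen for the illustration.

```python
"""Added example (not from the page or the quoted book): server-side input
validation, salted password hashing, and an idle-session timeout.
Limits, regexes and sample inputs below are assumptions for the example."""
import hashlib
import hmac
import html
import os
import re
from typing import Optional

# --- Mistrust of user input ---------------------------------------------
MAX_USERNAME_LEN = 32                       # assumed length bound
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]+")  # assumed allow-list


def validate_username(raw: object) -> str:
    """Server-side check. The length bound is what protects a fixed-size
    backend buffer; the character allow-list is what keeps markup and
    metacharacters out. Stripping tags alone would do neither."""
    if not isinstance(raw, str):
        raise ValueError("username must be a string")
    if len(raw.encode("utf-8")) > MAX_USERNAME_LEN:
        raise ValueError("username too long")
    if not USERNAME_RE.fullmatch(raw):
        raise ValueError("username contains disallowed characters")
    return raw


def username_is_acceptable(raw: object) -> bool:
    """Boolean wrapper so callers can branch without catching exceptions."""
    try:
        validate_username(raw)
        return True
    except ValueError:
        return False


def escape_for_html(untrusted: str) -> str:
    """Free-text fields cannot be allow-listed; encode them for the output
    context instead of trying to strip tags out of them."""
    return html.escape(untrusted, quote=True)


# --- Safe data handling: passwords are hashed, never encrypted ------------
PBKDF2_ITERATIONS = 600_000                 # assumed work factor


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted PBKDF2-HMAC-SHA256. Stored record: algo$iters$salt$digest."""
    if salt is None:
        salt = os.urandom(16)               # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        algo, iters, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False                        # malformed record
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


# --- Short session timeout ------------------------------------------------
IDLE_TIMEOUT_SECONDS = 15 * 60              # assumed policy value


def session_still_valid(last_activity: float, now: float) -> bool:
    """True while the session has been idle no longer than the limit; a
    caller that gets False must force the user to re-authenticate."""
    return 0 <= now - last_activity <= IDLE_TIMEOUT_SECONDS


if __name__ == "__main__":
    # constructed sample inputs
    for candidate in ["alice_01", "<script>alert(1)</script>", "x" * 40]:
        state = "accepted" if username_is_acceptable(candidate) else "rejected"
        print(repr(candidate), state)
    print(escape_for_html('<b onmouseover="x()">hi</b>'))
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record),
          verify_password("wrong", record))
    print(session_still_valid(1000.0, 1000.0 + 10 * 60),
          session_still_valid(1000.0, 1000.0 + 20 * 60))
```

The username check rejects by length first, so an oversized value never reaches the regex or any downstream buffer; the password record carries its own salt and iteration count so the work factor can be raised later without breaking existing logins; and the timeout check is a pure function of two timestamps so it can be unit-tested without a clock.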