Diarium blog system
Universidad de Salamanca
Pablo Gallardo's Blog
My professional web log about IT, Cybersecurity & Project Management
 
Archive | Cybersecurity

Endpoint Security

An endpoint, in the context of a computer network, is a remote computing device that communicates back and forth with a network to which it is connected. Examples of endpoints are desktop computers and smartphones. In the context of an organization, the term “endpoint” is used to differentiate these devices mostly from servers, firewalls and other network […]


Digital Signatures accepted by Public Administrations of Spain

Digital signature types accepted by Public Administrations of Spain: XAdES, XAdES-BES, XAdES-EPES, XAdES-T, XAdES-C, CAdES, PAdES. XAdES is used to sign small files (up to 4 MB). CAdES is used to sign big files (more than 4 MB). PAdES is used to check the information of both signature and content. Web portal Valide and @firma work with these signature […]


List of Application Security Testing (AST) Solutions

Application Security Testing (AST) is the process of checking an application in order to identify potential vulnerabilities and set points for security improvements. Types of AST: Static AST (SAST), Dynamic AST (DAST), Interactive AST (IAST). List of Application Security Testing (AST) Solutions. AST Solutions: SonarQube, CheckPoint. SonarQube: https://www.sonarqube.org/ (open-source platform). Checkmarx SAST: https://checkmarx.com/product/cxsast-source-code-scanning/ Developed […]


Esquema Nacional de Seguridad (ENS)

The Esquema Nacional de Seguridad (ENS, National Security Scheme) is a framework promulgated by the Government of Spain that establishes a set of measures related to information security. Compliance with the ENS is mandatory for Spanish public administrations at any territorial level, and also for entities and persons […]


Data Roles

This post summarizes the roles involved in managing data in IT systems, according to the USA’s NIST SP 800-18 Rev. 1 “Guide for Developing Security Plans for Federal Information Systems” or the European Union’s General Data Protection Regulation (GDPR). These data roles are asked about in the CISSP exam, corresponding to CISSP Domain 2. Data Roles: The roles […]


DLL Side-loading Attack

This post explains what a DLL side-loading attack is in the context of IT security. What is a DLL Side-loading Attack? A Dynamic-Link Library (DLL) is a file that is used on Windows systems to group functions. By using DLLs, common functionality can be isolated and re-usability is enabled. As DLLs are particular […]


List of Penetration Testing Methodologies

This post lists some industry-standard penetration testing methodologies: OWASP Web Security Testing Guide, OSSTMM, NIST SP 800-115, FedRAMP Penetration Test Guidance, PCI DSS Information Supplement on Penetration Testing. List of industry-standard penetration testing methodologies. OWASP Web Security Testing Guide: https://owasp.org/www-project-web-security-testing-guide/ Open Source Security Testing Methodology Manual (OSSTMM): https://www.isecom.org/research.html Institute for Security and Open Methodologies (ISECOM) […]


Anonymity Networks

This post lists some anonymity networks: Tor / Onionland, FreeNet, I2P. External references: “Anonymity Networks. Don’t use one, use all them!”; Chi Square


ISO/IEC 27001 Lead Implementer Certifications

ISO/IEC 27001 Lead Implementer. Do not confuse this certification with the ISO 27001 Lead Auditor certification. List of ISO/IEC 27001 Lead Implementer certifications: PECB ISO/IEC 27001 Lead Implementer, CertiProf ISO 27001 Lead Implementer. List of ISO/IEC 27001 Lead Implementer courses: ISMS.online. IAF (International Accreditation Forum) issued the document “Knowledge Requirements for Accreditation Body Personnel for Information Security […]


Certifications for Windows Security Administration

This post lists some professional certifications for administration of Windows operating systems. List of certifications for Windows administration: Microsoft Certified: Security Operations Analyst; GIAC’s GCWN; Microsoft 365 Certified: Security Administrator Associate; Microsoft 365 Certified: Modern Desktop Administration Associate. List of certifications for Windows Security. Microsoft Certified: Security Operations Analyst. Certification is “Microsoft Certified: Security Operations […]