Yearly Archives 2018

State of the Art in Identifying Sensitive Data

Protecting personal information in your databases is a bigger deal than ever, what with the European General Data Protection Regulation (GDPR) going into effect in May and California passing a new Consumer Privacy Protection Act. Knowing what personal information you have in your systems and where it resides is a precondition to managing it effectively. My friend and colleague Luke Probasco, product manager at Townsend Security has posted a nice listing of security standards with lists of the sensitive data elements that each of them identifies; see What Data Needs to Be Encrypted in MongoDB? If you are interested in Read More

by Tom Spitzer | August 28, 2018 | No Comments

Categories: Security.
Languages: English.

Privilege Escalation and Data Protection

A cyberattack is actually like a disease. The infection starts with an attacker taking advantage of some weakness in the system to penetrate and gain a foothold in an organ; in the case of an attack, the organ is often some computer that’s not being diligently managed. The infection takes control of the machinery of the organ, using it to build up its strength and using it as a base to launch incursions into other parts of the network. The incursions probe for valuable information and other weaknesses they can leverage. One of the main things they look for is Read More

by Tom Spitzer | August 28, 2018 | No Comments

Categories: Uncategorized.
Languages: English.

Are Secure Applications Possible?

For the past few years, a number of us in the security space have been talking about (1) the criticality of building secure applications; and (2) the importance of auditing open source components for security flaws. If you have not been following along, applications deployed over the Internet are a leading target, if not the leading target for sophisticated attackers. This Secodis blog entry cites the Verizon 2017 Data Breach Report indicating that 29.5% of breaches where caused by web application attacks, and the Sonatype 2017 State of Software Supply Chain Report, indicating that 80 – 90% of an applications Read More

by Tom Spitzer | August 28, 2018 | No Comments

Categories: AppSec and Security.
Languages: English.

MongoDB talk – video available

MongoDB has posted my talk on security in MongoDB Community edition. You can see the slides here; the video is on line out there. I have additional presentations that I made last year, and that I have prepared and never presented anywhere! If you interested in data security, for MongoDB or any database for that matter, let’s talk! Read More

by Tom Spitzer | July 18, 2018 | No Comments

Categories: Uncategorized.
Languages: English.

Yearly Archives 2018

State of the Art in Identifying Sensitive Data

Privilege Escalation and Data Protection

Are Secure Applications Possible?

MongoDB talk – video available

"I firmly believe that EC Wise is the only development shop that could have built as usable a solution so quickly." – John Toman VP of Product Management, Pivot Payables

"We would never have gotten to where we did without EC Wise." – Ronaldo Ama Sr. Director of Engineering, Business Objects

“EC Wise is an innovative technology company. I am impressed with their ability to balance creativity, customer requirements, and technology quality, while still managing costs and execution.” – Allen Babbitt Chief Financial Officer, Lead Analytics

"EC Wise has great expertise when it comes to using the Pervasive Data Integration Tools. The EC Wise team has built very high volume and complex data integrations associated with our products." – David Inbar Worldwide VP of Marketing, Pervasive Software, Inc.

"By quickly prototyping a wide range of functional product concepts, EC Wise was able to uncover and resolve business model issues very early in the planning process." – Jim Diggs CEO, Mindport

Email:

info@ecwise.com

Phone:

USA +1-415-226-8858

Privacy Policy

Terms of Use