[Owasp-delhi] Owasp-delhi Digest, Vol 12, Issue 4

Amit Parekh justsec at gmail.com
Thu Jul 17 08:37:07 EDT 2008


I am not sure whether to take 'HackerSafe' in a literal way. In one of my
previous assignments, a site with that logo was found to have a serious SQL
injection vulnerability which allowed us to gain access to the web host (it
was a pen test). From that day on, my trust for this logo lessened.

-Amit

On 7/14/08, owasp-delhi-request at lists.owasp.org <
owasp-delhi-request at lists.owasp.org> wrote:
>
> Message: 1
> Date: Mon, 14 Jul 2008 12:53:58 +0530
> From: "Soi, Dhruv" <dhruv.soi at owasp.org>
> Subject: [Owasp-delhi] Are you a user of HackerSafe (re-branded to
>         McAfee  Secure)?
> To: <Owasp-delhi at lists.owasp.org>
> Message-ID: <487aff19.09f8720a.1244.49ee at mx.google.com>
> Content-Type: text/plain; charset="us-ascii"
>
> During one of my recent meetings with a prospective customer who is into
> online business, I tried convincing him to get his web infrastructure
> assessed. But the company was satisfied and highly confident of being secured
> by using HackerSafe. HackerSafe or any other automated assessment framework
> can't be as effective as a manual assessment, where a few human minds are at
> work. But unfortunately, when it comes to information security, the cost of
> convincing a customer and making him/her understand the worth of a security
> assessment is much higher than actually executing the assessment exercise.
>
>
>
> I just found a few online articles and a video on HackerSafe and thought to
> share them with you (will surely share these with that prospect as well :-))
>
>
>
>   <http://blog.cenzic.com/public/item/208922> McAfee HackerSafe: Not Safe. Not PCI Compliant.
>
> HackerSafe Video:
>
>   <http://blogs.zdnet.com/security/?p=1092> McAfee's HackerSafe: When all else fails, rebrand it!
>
>
>
>
>
> Many Thanks,
>
> Dhruv
>
>
>