Category: Cybersecurity
OWASP AppSec Asia 2008: Proxy Caches and Web Application Security
Back to travelling a bit, I have accepted an invitation from Wayne Huang, Chapter Leader, OWASP Taiwan, to give the following presentation at OWASP AppSec Asia 2008, October 27 – 28, 2008, in Taipei: Proxy Caches and Web Application Security Abstract: Proxy caches, combined with poorly written session management code, can easily lead to serious [...]
CEP, Event Noise and Asymmetric Event Processing
In The Genesis of Complex Event Processing: Asymmetric Capabilities I introduced the abstract concept of “asymmetric processing capabilities” to describe the foundations of complex event processing. If you take a few moments to review the first CEP projects from Stanford University, you will see that the application of CEP was toward solving myriad asymmetric event [...]
The Genesis of Complex Event Processing: Asymmetric Capabilities
More often than not, folks working in the field of complex event processing do not truly understand CEP. We often see the same folks try to position and mischaracterize CEP as business process orchestration, business process management, event-driven architecture or even an evolution of service-oriented architecture. Well-intended, this mischaracterization of CEP is often for sales [...]
The 10 Top Cybersecurity Threats for 2008, AMCHAM & OWASP Thailand
Last year, in collaboration with IT security experts from (ISC)2 and the LinkedIn professional network, I published The Top Ten Cybersecurity Threats for 2008. In a joint meeting with interested AMCHAM Thailand guests from the Open Web Application Security Project (OWASP), Thailand, Chapter, we will review the 2008 top 10 cybersecurity threats and facilitate an [...]
Complex Event Processing – An Emerging Paradigm in Business Intelligence, Security and Monitoring and Control
The following quote is from Complex Event Processing – An Emerging Paradigm in Business Intelligence, Security and Monitoring and Control by Evo Eftimov, iSec Consulting Ltd “Complex Event Processing (CEP) is a technology which has been used for many years in the Aerospace and Defence Industry for Situational Awareness and Data Fusion modules in Command, [...]
The Audacity of Capital Markets
It is fairly well established that overt risk taking, greed and corporate arrogance by financial services companies have destroyed the real estate market and crippled the global economy. Countless millions of folks have lost their homes and life savings. This corporate arrogance and greed was like a “greed virus,” spreading across the world like a [...]
A New Security Breach in Google Docs Revealed
I am a big fan of Google and, over time, I have started to enjoy the freedom from my desktop with Google Docs. For example, when I keep track of business expenses I have found it easier to update a Google Spreadsheet versus depending on Microsoft Excel on my laptop because I can update from [...]
The Kum Bai Ya of Event Processing
Kindred spirit Marc Adler mentions being a bit “turned off” by the sniping back-and-forth in the CEP/EP blog-o-sphere. This was exactly how I felt in early 2006 when folks were sniping back and forth about SQL standards and event stream processing (ESP). A group of vendors had created some stream processing engines and all were in “power positioning” mode with the acronyms “ESP” and “CEP”, hoping to ride [...]
CEP is Not BPM, BAM, BRE, BRMS or SOA
A post in Technology content of current CEP products? reminds me of why I rarely, if ever, agree with anything that comes out of Aleri’s marketing team. To be fair to Jeff, it is not only Aleri but others, who continually misdefine business process management (BPM) as CEP. Jeff uses the example, “Smart Order Routing” as an example [...]
Technology Tales from Thailand: KBank Fraud Management
In The Magical ATM Card and SMS Message in Thailand we talked about booking flights and securely paying using a SMS PayCode and ATM transfer, avoiding the possibility of on-line credit card fraud; and in Keyloggers: Why Banks Need Two-Factor Authentication I described how KBank uses SMS-based one-time-passwords (OTP) to authenticate transactions. In addition to the above [...]