- Details
-
Category: Sicurezza
-
Published: Monday, 23 October 2017 11:41
-
Written by Riccardo Gallazzi
OWASP Zed Attack Proxy (ZAP) is an integrated tool dedicated to penetration testing that allows to identify vulnerabilities in Web apps and Websites. It’s an easy and flexible solution that can be used regardless of the proficiency level: it’s suitable for anyone, from a developer at the beginning with pentesting to professionals in the field.
ZAP is composed by two macro-section. The first one is an automated vulnerability scanner that can identify problems and provides a report for developers, sysadmins and security pros with all the details of discovered vulnerabilities in order to fix them.
The second one allows ZAP to work as a proxy and inspect the traffic and all HTTP/S requests and events -- there’s also the interesting capability of modifying them to analyze behaviour that differentiate from the norm or analyze their triggers which can be harmful to the system.
Read more ...
- Details
-
Category: Software/SAAS
-
Published: Thursday, 29 December 2016 10:46
-
Written by Lorenzo Bedin
Is there a solution to the hell of a problem about all those passwords you should adopt in your personal and working life? Yes, there is!, and it’s called password manager: let’s see what it is and how it can change your life for the better.
A password manager is a software that has storing and management capabilities in a single, secure place for all your access credentials and protects them by means of a single primary password. The main goal of this kind of software is to guarantee the security of stored data and a structured management (research, update, deletion, etc..).
Unlike manual solutions like spreadsheets or even paper notes, a software like this helps you to maintain an archive through time or with a growing number of information. Moreover, it provides a better security level, simplify adding passwords and include interesting features as the automated generation of secure passwords and advanced research features.
Read more ...
- Details
-
Category: VMworld
-
Published: Monday, 26 October 2015 09:45
-
Written by Filippo Moriggia
We had the pleasure of chatting with Albert Kramer, Technical Manager Continental Europe Trend Micro, at WMworld; we talked about security.
How does Trend Micro face the small and medium businesses market that is so widespread in Italy?
Trend Micro offers different product for private users and companies, in particular we have two solutions for the protection of small-medium companies and another for the bigger ones, so that we can offer a specific product for every kind of client.
The small and medium companies solution can be directly managed by Trend Micro for the companies that haven’t got an IT staff, or it can be managed by an internal/external IT if present.
The more advanced version of the Worry-Free Business Security suite that we offer on the SMB market can handle servers, virtual machines, mobile devices and mail servers without any particular difficulty on a technical aspect.
That naturally doesn’t mean to exclude the bigger companies…
No, we have indeed a 360° product line for every needs.
In addition to a dedicated suite for the Enterprise tier companies, we support the integration with VMware NSX and we even offer dedicated solutions for datacenters and cloud infrastructures.
And how do you relate with respect to Managed Service Providers and resellers?
We have a program of actions and products dedicated to this category of users with specific solutions for MSPs, hosted security systems for, say, email security and management dashboards with SSO features.
A really complete offering even for a category so heterogeneous and hard to fulfill.
- Details
-
Category: VMworld
-
Published: Monday, 26 October 2015 09:11
-
Written by Filippo Moriggia
Among the people we have met for you at VMworld 2015, there’s Itai Greenberg, Head of Datacenter Security Business for Check Point.
Good day Itai, let’s start with a brief introduction of the company, for those who don’t know Checkpoint yet and its role in the world of security.
Check Point is an Israeli company, the absolute leader in its sector, it protects more than 100.000 companies and covers all the levels of security, from Mobile to Cloud, through Datacenter. As we are at VMworld, I’d like to highlight that our coverage for hypervisors and our Software-Defined protection are total: we support NSX as well, the protection on a hypervisor level and we can promptly intervene on VM by locking the connections to a network if a malicious infection is revealed.
How do you manage the protection of mobile devices? By means of a traditional anti-virus program?
The Dashboard of Check Point's Mobile Threat Prevention No, the protection of mobile devices is fundamental for us, so we use an extremely sophisticated solution called Check Point Capsule: it’s a separated environment dedicated to the business applications that runs inside smartphones and tablets (Android and iDevices) and can handle emails, contacts, agenda, notes, shared files and Remote Desktop connections with no level of interaction with the main applications installed on devices. Aiming for a BYOD (Bring Your Own Device) finally secure and protected. A management connection for controlling terminals in a centralized way is naturally present.
Do you have a managed solution of your product for desktop and servers? Do you allow Managed Service Providers and resellers to manage the situation of their own clients without having to access to a multitude of console, one after another?
Surely, our product can be managed by resellers -and their clients- when we are in an environment where an internal IT is present, and by Check Point itself for Cloud based solutions.
Do you have any technology that goes beyond the traditional antivirus protection? To overcome the concept of identification with signatures and obtaining a more prompt time of intervention? For instance, in the case of Ramsonwares like Cryptolocker?
Check Point Sandblast, included in our Next Generation Prevention line, is a proprietary technology that aims to that goal. The recent attacks often use well-known vulnerabilities and modified signature to avoid to be identified.
The variations that are created allow to not be identified by traditional antiviruses. Sandblast offers a protection to 0-day attacks by identifying exploits on a CPU level and a prompt protection against malware not already revealed.