Tag Archives: Security

WinLock Pro

[[Today’s guest post is by Rojitha Goonesekere, the author of WinLock Pro. Rojitha is in Sri Lanka, making it very difficult to schedule a time to speak with him when we’re both awake.]]

WinLock Pro was inspired by Windows 8. After the release of the Developer Preview, I was immediately drawn towards its simplicity and beauty. Everything from the new and improved Metro interface to all the minor changes caught my attention. Something that really won me over was the excellent Lock Screen and login interface that Windows 8 provided the home user, a simple and easy way to access your PC at any time without any trouble. I was browsing online one day and realized that there were countless blogs and forums dedicated to this topic. And I immediately thought of bringing this experience all the way to Windows 7.

WinLock Pro was initially created as a “theme”, a way to enjoy a different look. I was not targeting the software to provide any “security” to the PC but merely to make it look good. But after releasing a few versions of the software I realized I could not only provide a different look to the usual operating system but also provide good security in the process. The first security modules were added in Version 4 and I kept developing these modules over the next versions of the software. The modules created did not provide “top class” security but they did stop intruders from accessing your personal files anytime soon.

Since security and privacy are something that everyone is concerned about now, the main target is developing these security features and providing the user with a safer experience. I am looking for developers who are experienced in this field to help me out with this project and hopefully make WinLock Pro an essential utility on any computer. I am also hoping that when the project is more stable, I will be able to replace the entire Login screen of Windows 7 with WinLock Pro.

If any developers conversant in VB.NET are interested in the project, they could contact me at any time, engage in discussions on SourceForge.net and start working on it. I hope that together we can create a more secure environment for everyone to use and enjoy.

Easier Security Code Reviews with Agnitio

These days, creating secure applications is of the utmost importance, and as crackers improve their skills, security is becoming more and more challenging. Developers who are responsible for this area are only as good as the tools available to them. If this is you, and you work on Windows, then you might want to have a look at Agnitio. This security review tool assists you in conducting manual security reviews, and provides code review metrics and reporting for static analysis.

Agnitio’s lone developer is a man who takes security *very* seriously, David Rook. He recently received a Microsoft Security MVP award, and his expert Security Ninja blog has been nominated for five awards, including the Computer Weekly IT Security blog award. I had the distinct pleasure of talking with David about the Agnitio project.

How did the project get started?

Two main reasons really, firstly my application security team was growing fast and I needed to make sure that our security code review process was structured and exactly the same regardless of who completed the review. This was achieved by creating a checklist that covers the root causes of common web application vulnerabilities. The decision to have a checklist driven approach was influenced by the Checklist Manifesto book and the fact that checklists help engineers, doctors and pilots do their jobs better so why can’t it do the same for security code reviewers? What I also wanted to do was to understand that humans can be good code reviewers but only with the right help, guidance and tools. Agnitio is designed to make the most use of the limited time that humans are “useful” for code reviews. Humans get tired, emotional and distracted so Agnitio is there to try and keep them on track with the guidance they need when they need it the most – during the review itself.

The second reason was to deal with a bit of laziness on my behalf initially I suppose. I hated the report creation part of code reviews, the need to make sure we had audit trails and metrics so I wanted to make all of these things happen automatically. Basically what I can now say is that if you use Agnitio to do your security code reviews you get your audit trails, integrity checks, reports and metrics automatically without any additional work on top of completing the review itself.

Have you contributed to open source before?

I hadn’t actually, what better way to start than making your own project?

Do you have plans for the project, such as expanding the functionality or growing the dev team?

I have lots and lots of ideas in mind for future versions of Agnitio. I plan to increase the amount of rules for the code analysis module to include languages such as PHP and Java on top of the Android and iOS rules that I added in v2.0. Some of the other changes I have in mind are having dynamic checklists so that users aren’t stuck using one checklist – if you are reviewing an application that is Java using Spring and Microsoft SQL Server you get a checklist that focuses on specific issues associated with that stack, for example. I love the user-suggested changes, and my list of user-suggested changes includes things like notes per checklist question in the review rather than one overall notes box and the ability to compare/access previous review results for an application whilst you are doing a new review.

Growing the dev team is something I have in mind. We have demand for adding lots of new functionality in the Windows version, people want a Linux version and we have even had a request for an Android tablet version. I’d certainly encourage people to get in touch if they think they can help with anything associated with taking Agnitio forward.

Why do you personally contribute to open source?

Mainly because I’ve worked in companies where application security budgets were nonexistent and even where budgets are available commercial application security tools are out of reach for most people. I wanted to make a solution that anyone could pick up and use regardless of their application security understanding and budget.

How can people help you? What are your main needs right now?

One of the things I really need right now is for people who use Agnitio to tell me what they see as the biggest problems with the tool. I’d love to know what the users would like to change or add to the tool to address issues they have and really push the project forward. If anyone wants to contribute more than ideas I’m always looking for people to help write code or even test Agnitio when I’m close to releasing a new version, especially people using non-English versions of Windows!

Agnitio is a very useful and well developed tool, and has a very bright future ahead. We encourage you to check it out!

To download Agnitio: http://sourceforge.net/projects/agnitiotool

Learn How to Prevent Data Loss

I want to let you know about a free Webcast I will host on Wednesday, July 13th, entitled, “Tools for Successful Data Loss Prevention.” Join me and guest speaker, Allen Schmidt, Security Solutions Architect at CDW, for a detailed discussion on Wednesday at 2pm Eastern/11am Pacific. My guest speaker and I will discuss all the ways you can build a better data loss prevention strategy. Topics covered will include:

* Introduction to data loss prevention

* Audit of where your data is most at risk

* Criteria for identifying the data most at risk for loss

* How to calculate the potential costs of security threats

* How to build a comprehensive data loss prevention strategy

* Encryption and other technologies to protect lost data

* And much more…

In addition, Allen and I will take questions from live attendees, so I encourage you to attend. If you are in the midst of building a new security strategy, or busy managing the growing risk of data loss, please come, ask questions, and learn what your colleagues are doing too. We want to hear your thoughts and help you with your needs.

Click here to learn more. I look forward to answering your questions at this Webcast.

Web 2.0 Security: Social Media’s Effect on the Threat Landscape

I want to let you know about a free Webcast I will host on Tuesday, June 28, next week entitled, “Web 2.0 Security: Social Media’s Effect on the Threat Landscape.” Join me and guest speakers Joe Maglitta, Contributing Editor, Geeknet; David M. Jacquet, President, The InfoSec Group; and Tim Roddy, Sr. Director Web & Email Security, McAfee for a detailed discussion on Tuesday next week at 2pm Eastern/11am Pacific. My guest speakers and I will discuss all the ways you can build a better security strategy that accounts for the growing threat risks posed by social media and social networks. Topics covered will include:

* IT security in a Web 2.0 world

* Security threats specific to social networks

* Changing nature of malware, viruses, identity theft, and other threats in the age of social media

* How to calculate the potential costs of security threats

* How to build a comprehensive security strategy

* Tools to calculate security and policy management ROI

* And much more…

In addition, Joe, David, Tim, and I will take questions from live attendees, so I encourage you to attend. If you are in the midst of building a new security strategy, or busy managing the growing number of employees using Web 2.0 technologies at work, please come, ask questions, and learn what your colleagues are doing too. We want to hear your thoughts and help you with your needs.

Click here to learn more. I look forward to answering your questions at this Webcast.

Cloud Computing Update 2011: SourceForge Virtual Trade Show

Hello, my name is Stephen Wellman. I recently joined the staff of SourceForge on the editorial team and I am excited to be here. I want to let you know about a free Virtual Trade Show my SourceForge colleagues and I will host tomorrow, June 15, entitled, “Heading for the Clouds: 2011 Cloud Computing Update.” Join me, my co-host, long-time IT editor and industry analyst Joe Maglitta, my SourceForge colleague, Elizabeth Naramore, and our guests for a detailed set of panels and discussions starting at 10:15am Eastern/7:15am Pacific. We will discuss all the ways you can build a dynamic cloud computing infrastructure in your organization that can both grow ROI and increase organizational efficiency and flexibility.

Our guest speakers will include:

* Jeff Barr, Senior Web Services Evangelist, Amazon Web Services

* Brian Prince, Microsoft

* Peter Coffee, VP and Head of Platform Research, Salesforce.com

* Elizabeth Naramore, Manager of Community Development, SourceForge

* Jeffrey S. Hammond, Principal Analyst, Forrester

* Tony Woods, Sybase

* Rob May, CEO, Backupify

* And many more…

We will discuss a variety of leading cloud computing topics such as:

* Developing applications for the cloud

* How to build a scalable cloud infrastructure

* Cloud and mobility

* Compliance as a Service (CaaS)

* Security and the cloud

* Networking for cloud computing

* Service availability and continuous data protection

* How to build distributed, remote platforms with failover support

* And much more…

Go here to read our full agenda.

In addition, we will take questions from live attendees, so I encourage you to attend. If you are in the midst of building a new cloud infrastructure, expanding your existing cloud computing deployment, or developing new applications tailored for the cloud, please come, ask questions, and learn what your colleagues are doing too. We want to hear your thoughts and help you with your needs.

Click here to learn more. I look forward to answering your questions at this exciting Virtual Trade Show. Come join us. It’s free.