Cracking into embedded devices and beyond!

As promised in my previous post, I have  just uploaded Cracking into embedded devices and beyond, Adrian Pastor’s presentation at ‘Hack in The Box’ Dubai 2008.

Thanks Adrian for your promptly response when asked for the slides and congratulations for your excellent contribution to the security community. Hope we can share a pint next time I’m in London. Un abrazo!

Continue reading Cracking into embedded devices and beyond!

Integrating ISO 17799 into your Software Development Lifecycle

[IN]Secure Magazine - Issue 11I open the new section Papers & Presentations of this blog posting my latest article published on INSECURE Magazine: “Integrating ISO 17799 into your Software Development Lifecycle”.

In this paper, published on the 11th issue of INSECURE Magazine (May 2007), I explain how information security controls can be integrated in the Software Development Lifecycle (SDLC) using ISO/IEC 17799 (now ISO/IEC 27002). The article includes a summary table linking specific clauses in the standard to SDLC phases starting from the risk assessment stage, prior to drawing up security requirements, and continuing right through development, testing and operations to system disposal at the end of its life.

Continue reading Integrating ISO 17799 into your Software Development Lifecycle