Mobile secure gateway

Mobile secure gateway (MSG) is an industry term for the software or hardware appliance that provides secure communication between a mobile application and its backend resources, typically within a corporate network. It addresses challenges in the field of mobile security.

An MSG is typically composed of two components: the Client library and the Gateway. The client is a library that is linked with the mobile application. It establishes secure connectivity to the Gateway using a cryptographic protocol, typically SSL/TLS. This provides a secured channel for communication between the mobile application and hosts. The Gateway separates internal IT infrastructure from the Internet, allowing only authorized client requests to reach a specific set of hosts inside the restricted network.

Client library

The Client library is linked with the corresponding mobile application and provides secure access via the Gateway to the set of Hosts. The Client library exposes a public API to the mobile application, mimicking the platform's default HTTP client library. The application uses this API to communicate with the desired hosts in a secure way.

Gateway

The Gateway is a server or daemon typically installed on a physical or virtual appliance placed in a DMZ. The Gateway's public interface is exposed to the Internet (or another untrusted network) and accepts TCP/IP connections from mobile applications. It operates on IPv4 and/or IPv6 networks. Incoming client connections typically use SSL/TLS to provide security for the network communication and mutual trust between the communicating peers. The communication protocol is typically based on HTTP.[1]

Host

The Gateway forwards requests from connected apps to a collection of configured hosts. These are typically HTTP or HTTPS servers or services within an internal network. The response from a host is sent back to the respective mobile app.
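The forwarding decision described above, sketched as an added example (not code from the article or from any MSG product): the Gateway requires a client certificate on its public listener and forwards a request only when the target is one of the configured hosts and the authenticated client is permitted to reach it. The host names, the use of the certificate common name as the client identity, and all function names are assumptions made for illustration.

```python
import ssl
from urllib.parse import urlsplit

# Constructed configuration (hypothetical names): each internal host the
# Gateway may forward to, with the client identities allowed to reach it.
ALLOWED_HOSTS = {
    ("crm.corp.example", 443): {"sales-app"},
    ("hr.corp.example", 8443): {"hr-app"},
}
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {"subject": ((("commonName", "sales-app"),),)}


def make_listener_context():
    """TLS settings for the public listener: the handshake fails unless the
    client presents a certificate (mutual trust of the peers)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED
    # A deployment would also call ctx.load_cert_chain(...) for the Gateway's
    # own certificate and ctx.load_verify_locations(...) for the client CA.
    return ctx


def client_common_name(peercert):
    """Extract the commonName from a getpeercert()-style dict, or None.
    Using the CN as the client identity is an assumption of this example."""
    for rdn in (peercert or {}).get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def decide(peercert, url):
    """Return (allowed, detail) for a request from an authenticated client."""
    cn = client_common_name(peercert)
    if cn is None:
        return (False, "no authenticated client identity")
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return (False, "malformed URL")
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return (False, "unsupported scheme or missing host")
    # hostname is already lower-cased and excludes any userinfo, so
    # "https://crm.corp.example@other.example/" resolves to other.example.
    host = parts.hostname.rstrip(".")
    if port is None:
        port = DEFAULT_PORTS[parts.scheme]
    allowed_clients = ALLOWED_HOSTS.get((host, port))
    if allowed_clients is None:
        return (False, "host not configured")
    if cn not in allowed_clients:
        return (False, "client not authorized for host")
    return (True, "%s:%d" % (host, port))


if __name__ == "__main__":
    for u in ("https://crm.corp.example/api/leads",
              "https://hr.corp.example:8443/records",
              "https://crm.corp.example@other.example/"):
        print(u, "->", decide(SAMPLE_CERT, u))
```

Denying by default, with the allowlist keyed on both host and port, keeps an authenticated client from using the Gateway as a general-purpose proxy into the internal network.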

References
  1. "Mobile Security". www.peerlyst.com. Retrieved 6 May 2016.
Content from Wikipedia Licensed under CC-BY-SA.

Mobile security

Mobile security, or more specifically mobile device security, has become increasingly important in mobile computing. Of particular concern is the security of personal and business information now stored on smartphones. More and more users and businesses use smartphones to communicate, but also to plan and organize their users' work and also private life. Within companies, these technologies are causing profound changes in the organization of information systems and therefore they have become the source of new risks. Indeed, smartphones collect and compile an increasing amount of sensitive information to which access must be controlled to protect the privacy of the user and the intellectual property of the company. All smartphones, as computers, are preferred targets of attacks. These attacks exploit weaknesses inherent in smartphones that can come from the communication mode—like Short Message Service (SMS, aka text messaging), Multimedia Messaging Service (MMS), WiFi, Bluetooth and GSM, the de facto global ...more...

Secure by design

Secure by design, in software engineering, means that the software has been designed from the ground up to be secure. Malicious practices are taken for granted and care is taken to minimize impact when a security vulnerability is discovered or on invalid user input.[1] Generally, designs that work well do not rely on being secret. While not mandatory, proper security usually means that everyone is allowed to know and understand the design because it is secure. This has the advantage that many people are looking at the computer code, which improves the odds that any flaws will be found sooner (see Linus's law). Attackers can also obtain the code, which makes it easier for them to find vulnerabilities as well. Also, it is important that everything works with the least amount of privileges possible (see the principle of least privilege). For example, a Web server that runs as the administrative user ("root" or admin) can have the privilege to remove files and users that do not belong. A flaw in such a program ...more...

Malware

Malware (a portmanteau for malicious software) is any software intentionally designed to cause damage to a computer, server or computer network.[1] Malware does the damage after it is implanted or introduced in some way into a target’s computer and can take the form of executable code, scripts, active content, and other software.[2] The code is described as computer viruses, worms, Trojan horses, ransomware, spyware, adware, and scareware, among other terms. Malware has a malicious intent, acting against the interest of the computer user—and so does not include software that causes unintentional harm due to some deficiency, which is typically a software bug. Programs officially supplied by companies can be considered malware if they secretly act against the interests of the computer user. For example, Sony sold the Sony rootkit, which contained a Trojan horse embedded into CDs that silently installed and concealed itself on purchasers' computers with the intention of preventing illicit copying. It also repor ...more...

Payload (computing)

In computing and telecommunications, the payload is the part of transmitted data that is the actual intended message. Headers and metadata are sent only to enable payload delivery.[1][2] In the context of a computer virus or worm, the payload is the portion of the malware which performs malicious action. The term is borrowed from transportation, where payload refers to the part of the load that pays for transportation. Security In computer security, the payload is the part of the private user text which could also contain malware such as worms or viruses which performs the malicious action; deleting data, sending spam or encrypting data.[3] In addition to the payload, such malware also typically has overhead code aimed at simply spreading itself, or avoiding detection. Programming In computer programming, the most common usage of the term is in the context of message protocols, to differentiate the protocol overhead from the actual data. For example, a JSON web service response might be: { "data": { "me ...more...

Firewall (computing)

In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.[1] A firewall typically establishes a barrier between a trusted internal network and untrusted external network, such as the Internet.[2] Firewalls are often categorized as either network firewalls or host-based firewalls. Network firewalls filter traffic between two or more networks and run on network hardware. Host-based firewalls run on host computers and control network traffic in and out of those machines. History The term "firewall" originally referred to a wall intended to confine a fire within a building.[3] Later uses refer to similar structures, such as the metal sheet separating the engine compartment of a vehicle or aircraft from the passenger compartment. The term was applied in the late 1980s to network technology that emerged when the Internet was fairly new in terms of its global use and connectivity.[4] The predecessors to firewalls fo ...more...

Intrusion detection system

An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations. Any malicious activity or violation is typically reported either to an administrator or collected centrally using a security information and event management (SIEM) system. A SIEM system combines outputs from multiple sources, and uses alarm filtering techniques to distinguish malicious activity from false alarms. While there are several types of IDS, ranging in scope from single computers to large networks,[1]. the most common classifications are network intrusion detection systems (NIDS) and host-based intrusion detection systems (HIDS). A system that monitors important operating system files is an example of a HIDS, while a system that analyzes incoming network traffic is an example of a NIDS. It is also possible to classify IDS by detection approach: the most well-known variants are signature-based detection (recognizing bad patterns, such as malware) and ...more...

Security hacker

A security hacker is someone who seeks to breach defenses and exploit weaknesses in a computer system or network. Hackers may be motivated by a multitude of reasons, such as profit, protest, information gathering,[1] challenge, recreation,[2] or to evaluate system weaknesses to assist in formulating defenses against potential hackers. The subculture that has evolved around hackers is often referred to as the computer underground.[3] There is a longstanding controversy about the term's true meaning. In this controversy, the term hacker is reclaimed by computer programmers who argue that it refers simply to someone with an advanced understanding of computers and computer networks,[4] and that cracker is the more appropriate term for those who break into computers, whether computer criminal (black hats) or computer security expert (white hats).[5][6] A 2014 article concluded that "... the black-hat meaning still prevails among the general public".[7] History Bruce Sterling, author of The Hacker Crackdown ...more...

Social engineering (security)

OPSEC alert Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme. The term "social engineering" as an act of psychological manipulation of a human, is also associated with the social sciences, but its usage has caught on among computer and information security professionals.[1] Information security culture Employee behavior can have a big impact on information security in organizations. Cultural concepts can help different segments of the organization work effectively or work against effectiveness towards information security within an organization. "Exploring the Relationship between Organizational Culture and Information Security Culture" provides the following definition of information securi ...more...

SQL injection

A classification of SQL injection attacking vector as of 2010. SQL injection is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).[1] SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database. SQL injection attacks allow attackers to spoof identity, tamper with existing data, cause repudiation issues such as voiding transactions or changing balances, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. In a 2012 study, it was observe ...more...

Information security

Information security, sometimes shortened to InfoSec, is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information. It is a general term that can be used regardless of the form the data may take (e.g., electronic, physical).[1] Information security's primary focus is the balanced protection of the confidentiality, integrity and availability of data (also known as the CIA triad) while maintaining a focus on efficient policy implementation, all without hampering organization productivity.[2] This is largely achieved through a multi-step risk management process that identifies assets, threat sources, vulnerabilities, potential impacts, and possible controls, followed by assessment of the effectiveness of the risk management plan. To standardize this discipline, academics and professionals collaborate and seek to set basic guidance, policies, and industry standards on password, antivirus software, firewall, encryption software, ...more...

Keystroke logging

A keylogger example of a screencapture, which holds potentially confidential and private information. The image below holds the corresponding keylogger text result. Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that the person using the keyboard is unaware that their actions are being monitored. Data can then be retrieved by the person operating the logging program. A keylogger can be either software or hardware. While the programs themselves are legal,[1] with many of them being designed to allow employers to oversee the use of their computers, keyloggers are most often used for the purpose of stealing passwords and other confidential information.[2][3] Keylogging can also be used to study human–computer interaction. Numerous keylogging methods exist: they range from hardware and software-based approaches to acoustic analysis. ApplicationSoftware-based keyloggers A logfile from a so ...more...

Secure coding

Securing coding is the practice of developing computer software in a way that guards against the accidental introduction of security vulnerabilities. Defects, bugs and logic flaws are consistently the primary cause of commonly exploited software vulnerabilities.[1] Through the analysis of thousands of reported vulnerabilities, security professionals have discovered that most vulnerabilities stem from a relatively small number of common software programming errors. By identifying the insecure coding practices that lead to these errors and educating developers on secure alternatives, organizations can take proactive steps to help significantly reduce or eliminate vulnerabilities in software before deployment. Buffer Overflow Prevention Buffer overflows, a common software security vulnerability, happen when a process tries to store data beyond a fixed-length buffer. For example, if there are 8 slots to store items in, there will be a problem if there is an attempt to store 9 items. In computer memory the overfl ...more...

Antivirus software

ClamTk, an open source antivirus based on the ClamAV antivirus engine, originally developed by Tomasz Kojm in 2001. Antivirus software, or anti-virus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove malware. Antivirus software was originally developed to detect and remove computer viruses, hence the name. However, with the proliferation of other kinds of malware, antivirus software started to provide protection from other computer threats. In particular, modern antivirus software can protect from: malicious browser helper objects (BHOs), browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious LSPs, dialers, fraudtools, adware and spyware.[1] Some products also include protection from other computer threats, such as infected and malicious URLs, spam, scam and phishing attacks, online identity (privacy), online banking attacks, social engineering techniques, advanced persistent threat (APT) and ...more...

Fuzzing

Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failing built-in code assertions or for finding potential memory leaks. Typically, fuzzers are used to test programs that take structured inputs. This structure is specified, e.g., in a file format or protocol and distinguishes valid from invalid input. An effective fuzzer generates semi-valid inputs that are "valid enough" in that they are not directly rejected by the parser, but do create unexpected behaviors deeper in the program and are "invalid enough" to expose corner cases that have not been properly dealt with. For the purpose of security, input that crosses a trust boundary is often the most interesting.[1] For example, it is more important to fuzz code that handles the upload of a file by any user than it is to fuzz the code that parses a configuration file that is accessible o ...more...

Rootkit

A root kit is a collection of computer software, typically malicious, designed to enable access to a computer or areas of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the existence of other software.[1] The term rootkit is a concatenation of "root" (the traditional name of the privileged account on Unix-like operating systems) and the word "kit" (which refers to the software components that implement the tool). The term "rootkit" has negative connotations through its association with malware.[1] Rootkit installation can be automated, or an attacker can install it after having obtained root or Administrator access. Obtaining this access is a result of direct attack on a system, i.e. exploiting a known vulnerability (such as privilege escalation) or a password (obtained by cracking or social engineering tactics like "phishing"). Once installed, it becomes possible to hide the intrusion as well as to maintain privileged access. The key is the ...more...

Network security

Network security consists of the policies and practices adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, which is controlled by the network administrator. Users choose or are assigned an ID and password or other authenticating information that allows them access to information and programs within their authority. Network security covers a variety of computer networks, both public and private, that are used in everyday jobs; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access. Network security is involved in organizations, enterprises, and other types of institutions. It does as its title explains: It secures the network, as well as protecting and overseeing operations being done. The most common and sim ...more...

Multi-factor authentication

Multi-factor authentication (MFA) is a method of confirming a user's claimed identity in which a user is granted access only after successfully presenting 2 or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something they and only they know), possession (something they and only they have), and inherence (something they and only they are).[1][2] Two-factor authentication (also known as 2FA) is a type (subset) of multi-factor authentication. It is a method of confirming a user's claimed identity by utilizing a combination of two different factors: 1) something they know, 2) something they have, or 3) something they are. A good example of two-factor authentication is the withdrawing of money from an ATM; only the correct combination of a bank card (something that the user possesses) and a PIN (personal identification number, something that the user knows) allows the transaction to be carried out. Two-step verification or two-step authentication is a method of confirming a user ...more...

Authorization

Authorization is the function of specifying access rights/privileges to resources related to information security and computer security in general and to access control in particular.[1] More formally, "to authorize" is to define an access policy. For example, human resources staff is normally authorized to access employee records and this policy is usually formalized as access control rules in a computer system. During operation, the system uses the access control rules to decide whether access requests from (authentication) shall be approved (granted) or disapproved (rejected) [2]. Resources include individual files or an item's data, computer programs, computer devices and functionality provided by computer applications. Examples of consumers are computer users, computer Software and other Hardware on the computer. Overview Access control in computer systems and networks rely on access policies. The access control process can be divided into the following phases: policy definition phase where access is au ...more...

Cyber security standards

Cybersecurity standards (also styled cyber security standards)[1] are techniques generally set forth in published materials that attempt to protect the cyber environment of a user or organization.[2] This environment includes users themselves, networks, devices, all software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks. The principal objective is to reduce the risks, including prevention or mitigation of cyber-attacks. These published materials consist of collections of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies. History Cybersecurity standards have existed over several decades as users and providers have collaborated in many domestic and international forums to effect the necessary capabilities, policies, and practices - generally emerging from work at the Stanford Consortium for Research on Informat ...more...

Mobile device management

Mobile device management (MDM) is an industry term for the administration of mobile devices, such as smartphones, tablet computers, laptops and desktop computers. MDM is usually implemented with the use of a third party product that has management features for particular vendors of mobile devices. Overview MDM is a way to ensure employees stay productive and do not breach corporate policies. Many organizations control activities of their employees using MDM products/services. MDM primarily deals with corporate data segregation, securing emails, securing corporate documents on devices, enforcing corporate policies, integrating and managing mobile devices including laptops and handhelds of various categories. MDM implementations may be either on-premises or cloud-based. MDM functionality can include over-the-air distribution of applications, data and configuration settings for all types of mobile devices, including mobile phones, smartphones, tablet computers, ruggedized mobile computers, mobile printers, mob ...more...

Web application security

Web application security is a branch of Information Security that deals specifically with security of websites, web applications and web services. At a high level, Web application security draws on the principles of application security but applies them specifically to Internet and Web systems.[1] Security threats With the emergence of Web 2.0, increased information sharing through social networking and increasing business adoption of the Web as a means of doing business and delivering service, websites are often attacked directly. Hackers either seek to compromise the corporate network or the end-users accessing the website by subjecting them to drive-by downloading.[2][3] As a result, industry[4] is paying increased attention to the security of the web applications[5] themselves in addition to the security of the underlying computer network and operating systems. The majority of web application attacks occur through cross-site scripting (XSS) and SQL injection attacks[6] which typically result from flawe ...more...

Computer security software

Computer security software or cybersecurity software is any computer program designed to enhance information security. The defense of computers against intrusion and unauthorized use of resources is called computer security. Similarly, the defense of computer networks is called network security. Types of security software Access control Anti-keyloggers Anti-malware Anti-spyware Anti-subversion software Anti-tamper software Antivirus software Cryptographic software Computer Aided Dispatch (CAD) E-mail Screening Firewall Intrusion detection system (IDS) Intrusion prevention system (IPS) Log management software Ransomware prevention Records Management Sandbox Security information management SIEM See also Computer security Data security Emergency management software ...more...

Vulnerability scanner

A vulnerability scanner is a computer program designed to assess computers, computer systems, networks or applications for known weaknesses. In plain words, these scanners are used to discover the weak points or poorly constructed parts. It's utilized for the identification and detection of vulnerabilities relating to mis-configured assets or flawed software that resides on a network-based asset such as a firewall, router, web server, application server, etc. Modern vulnerability scanners will allow for both authenticated and unauthenticated scans to occur. Modern scanners are typically available as SaaS (Software as a Service) by providers over the internet as a web application and the amount of host information is vast. The modern vulnerability scanner has the capabilities to customize vulnerability reports, installed software, open ports, certificates and much other host information that can be queried by users to increase network security. Authenticated scans allow for the scanner to directly access ne ...more...

Security-focused operating system

This is a list of operating systems with a sharp security focus. Here, "security-focused" means that the project is specifically focused on security. General-purpose operating systems may be extremely secure without being specifically "security-focused." Other similar concepts include security-evaluated operating systems -- operating systems that have achieved certification from an external security-auditing organization -- and trusted operating systems -- operating systems that provides sufficient support for multilevel security and evidence of correctness to meet a particular set of government requirements. This list is alphabetical and does not imply a ranking. Android-based CopperheadOS is a hardened FOSS operating system based on the Android mobile platform, which uses an unofficial port of PaX.[1][2][3] PrivatOS is a hardened proprietary operating system for BlackPhone. Replicant is a FOSS operating system based on the Android mobile platform, which aims to replace all proprietary Android ...more...

Vulnerability (computing)

In computer security, a vulnerability is a weakness which can be exploited by a Threat Actor, such as an attacker, to perform unauthorized actions within a computer system. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities.[1] This practice generally refers to software vulnerabilities in computing systems. A security risk is often incorrectly classified as a vulnerability. The use of vulnerability with the same meaning of risk can lead to confusion. The risk is the potential of a significant impact resulting from the exploit of a vulnerability. Then there are vulnerabilities without risk: for example when the affected asset has no value. A vulnerability with one or more known instances of working and fully implemented attacks is classified as ...more...

Payment gateway

A payment gateway is a merchant service provided by an e-commerce application service provider that authorizes credit card or direct payments processing for e-businesses, online retailers, bricks and clicks, or traditional brick and mortar.[1] The payment gateway may be provided by a bank to its customers, but can be provided by a specialised financial service provider as a separate service, such as a payment service provider. A payment gateway facilitates a payment transaction by the transfer of information between a payment portal (such as a website, mobile phone or interactive voice response service) and the front end processor or acquiring bank. Typical transaction processes When a customer orders a product from a payment gateway-enabled merchant, the payment gateway performs a variety of tasks to process the transaction.[2] A customer places an order on website by pressing the 'Submit Order' or equivalent button, or perhaps enters their card details using an automatic phone answering service. If the ...more...

Security testing

Security testing is a process intended to reveal flaws in the security mechanisms of an information system that protect data and maintain functionality as intended. Due to the logical limitations of security testing, passing security testing is not an indication that no flaws exist or that the system adequately satisfies the security requirements. Typical security requirements may include specific elements of confidentiality, integrity, authentication, availability, authorization and non-repudiation.[1] Actual security requirements tested depend on the security requirements implemented by the system. Security testing as a term has a number of different meanings and can be completed in a number of different ways. As such a Security Taxonomy helps us to understand these different approaches and meanings by providing a base level to work from. Confidentiality A security measure which protects against the disclosure of information to parties other than the intended recipient is by no means the only way of ensu ...more...

Cyberstrategy 3.0

Cyberstrategy 3.0 is the United States information warfare strategy against cyberwarfare. This strategy uses deterrence based on making infrastructure robust and redundant enough to survive any Internet cyber attack. A good example of this concept can be seen in action in a cyber strategy game like CyberStratG.[1][2]

References

Washington Post: Pentagon's cybersecurity plans have a Cold War chill
CyberStratG ...more...

3-D Secure

3-D Secure is an XML-based protocol designed to be an additional security layer for online credit and debit card transactions. It was originally developed by Arcot Systems (now CA Technologies) and first deployed[1] by Visa with the intention of improving the security of Internet payments and is offered to customers under the name Verified by Visa. Services based on the protocol have also been adopted by MasterCard as MasterCard SecureCode, and by JCB International as J/Secure. American Express added 3-D Secure on November 8, 2010, as American Express SafeKey, in select markets and continues to launch additional markets.[2] Analysis of the protocol by academia has shown it to have many security issues that affect the consumer, including greater surface area for phishing and a shift of liability in the case of fraudulent payments.[3] 3-D Secure adds an authentication step for online payments. Description and basic aspects The basic concept of the protocol is to tie the financial authorization process with an ...more...

Cyberwarfare

Cyberwarfare is the use or targeting in a battlespace or warfare context of computers, online control systems and networks.[1] It involves both offensive and defensive operations pertaining to the threat of cyberattacks, espionage and sabotage.[1] There has been controversy over whether such operations can be called "war". Nevertheless, powers have been developing cyber capabilities and engaged in cyberwarfare, both offensively and defensively, including the United States, China, Russia, Israel and the United Kingdom. Two other notable players are Iran and North Korea.[2] Definition A number of definitions of cyber warfare have been proposed, with no single definition being widely adopted internationally. Richard A. Clarke defines it as "actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption",[3]:6. Martin Libicki defines two types of cyber warfare: strategic and operational. Strategic being "a campaign of cyberattacks one entity carrie ...more...

Application security

Application security encompasses measures taken to improve the security of an application, often by finding, fixing and preventing security vulnerabilities. Different techniques are used to surface such security vulnerabilities at different stages of an application's lifecycle, such as design, development, deployment, upgrade and maintenance. An always evolving but largely consistent set of common security flaws is seen across different applications; see common flaws.

Terms

Asset. A resource of value such as the data in a database, money in an account, file on the filesystem or any system resource.

Vulnerability. A weakness or gap in a security program that can be exploited by threats to gain unauthorized access to an asset.

Attack (or exploit). An action taken to harm an asset.

Threat. Anything that can exploit a vulnerability and obtain, damage, or destroy an asset.

Techniques

Different techniques will find different subsets of the security vulnerabilities lurking in an application and are most effective ...more...

Software development security

Security, as part of the software development process, is an ongoing process involving people and practices, and ensures application confidentiality, integrity, and availability. Secure software is the result of security aware software development processes where security is built in and thus software is developed with security in mind.[1] Security is most effective if planned and managed throughout every stage of software development life cycle (SDLC), especially in critical applications or those that process sensitive information. The solution to software development security is more than just the technology. Software development challenges As technology advances, application environments become more complex and application development security becomes more challenging. Applications, systems, and networks are constantly under various security attacks such as malicious code or denial of service. Some of the challenges from the application development security point of view include Viruses, Trojan horses, ...more...

Runtime application self-protection

Runtime application self-protection (RASP) is a security technology that uses runtime instrumentation to detect and block computer attacks by taking advantage of information from inside the running software. The technology differs from perimeter-based protections such as firewalls, that can only detect and block attacks by using network information without contextual awareness. RASP technology is said to improve the security of software by monitoring its inputs, and blocking those that could allow attacks, while protecting the runtime environment from unwanted changes and tampering. When a threat is detected RASP can prevent exploitation and possibly take other actions, including terminating a user's session, shutting the application down, alerting security personnel and sending a warning to the user. Implementation RASP can be integrated as a framework or module that runs in conjunction with a program's codes, libraries and system calls. The technology can also be implemented as a virtualization. In some ap ...more...

List of computer security certifications

Credentialing is the process of establishing the qualifications of licensed professionals, organizational members or organizations, and assessing their background and legitimacy. In the Computer security or Information security fields, there are a number of tracks a professional can take to demonstrate qualifications. Four sources categorizing these, and many other credentials, licenses and certifications, are: 1. Schools and Universities; 2. "Vendor" sponsored credentials (e.g. Microsoft, Cisco); 3. Association and Organization sponsored credentials; 4. Governmental (or quasi governmental) body sponsored licenses, certifications and credentials. Quality and acceptance vary worldwide for IT security credentials, from well-known and high quality examples like a master's degree in the field from an accredited school, CISSP, and Microsoft certification, to a controversial list of many dozens of lesser known credentials and organizations. In addition to certification obtained by taking courses and/or passing e ...more...

Security bug

A security bug or security defect is a software bug that can be exploited to gain unauthorized access or privileges on a computer system. Security bugs introduce security vulnerabilities by compromising one or more of:

Authentication of users and other entities [1]
Authorization of access rights and privileges [1]
Data confidentiality
Data integrity

Security bugs need not be identified nor exploited to qualify as such.

Causes

Security bugs, like all other software bugs, stem from root causes that can generally be traced to either absent or inadequate:[2]

Software developer training
Use case analysis
Software engineering methodology
Quality assurance testing
...and other best practices

Taxonomy

Security bugs generally fall into a fairly small number of broad categories that include:[3]

Memory safety (e.g. buffer overflow and dangling pointer bugs)
Race condition
Secure input and output handling
Faulty use of an API
Improper use case handling
Improper exception handling
Resou ...more...

Email encryption

Email encryption is encryption of email messages to protect the content from being read by other entities than the intended recipients. Email encryption may also include authentication. Email is prone to disclosure of information. Most emails are currently transmitted in the clear (not encrypted) form. By means of some available tools, persons other than the designated recipients can read the email contents.[1] Email encryption can rely on public-key cryptography, in which users can each publish a public key that others can use to encrypt messages to them, while keeping secret a private key they can use to decrypt such messages or to digitally encrypt and sign messages they send.

Encryption protocols

Notable protocols for email encryption include:

Bitmessage
GNU Privacy Guard (GPG)
Pretty Good Privacy (PGP)
S/MIME
TLS

Mail sessions encryption

The STARTTLS SMTP extension is a TLS (SSL) layer on top of the SMTP connection. While it protects traffic from being sniffed during transmission, it is tech ...more...

TeleMessage

TeleMessage is an American software company based in Boston, Massachusetts. Founded in 1999, its messaging solution portfolio includes secure enterprise messaging, mobile communications archiving and high-volume text messaging services. Corporate history TeleMessage was founded in 1999 in Tel Aviv, Israel raising more than 10 million dollars in its first 2 series of investment rounds.[1] In August 2005, Messaging International PLC acquired TeleMessage. The company then went public and was traded on the London Stock Exchange AIM section under the Messaging International name.[2] In August 2016, after being a public company for 11 years, TeleMessage delisted from the London Stock Exchange and privatized. All management and major shareholders remain the same. Guy Levit is the current CEO and Horacio Furman is the company chairman. Products TeleMessage's solutions consists of three product lines: Secure Enterprise Messaging, Mobile Archiver - Mobile Communications Archiving, and Mass Messaging. Secure Enterpr ...more...

Mobile banking

Mobile banking is a service provided by a bank or other financial institution that allows its customers to conduct financial transactions remotely using a mobile device such as a smartphone or tablet. Unlike the related internet banking it uses software, usually called an app, provided by the financial institution for the purpose. Mobile banking is usually available on a 24-hour basis. Some financial institutions have restrictions on which accounts may be accessed through mobile banking, as well as a limit on the amount that can be transacted. Transactions through mobile banking may include obtaining account balances and lists of latest transactions, electronic bill payments, and funds transfers between a customer's or another's accounts. Some apps also enable copies of statements to be downloaded and sometimes printed at the customer's premises; and some banks charge a fee for mailing hardcopies of bank statements. From the bank's point of view, mobile banking reduces the cost of handling transactions by r ...more...

Software security assurance

Software security assurance is a process that helps design and implement software that protects the data and resources contained in and controlled by that software. Software is itself a resource and thus must be afforded appropriate security. Since the number of threats specifically targeting software is increasing, the security of our software that we produce or procure must be assured. "Dependence on information technology makes software assurance a key element of business continuity, national security, and homeland security."[1] What is software security assurance? Software Security Assurance (SSA) is the process of ensuring that software is designed to operate at a level of security that is consistent with the potential harm that could result from the loss, inaccuracy, alteration, unavailability, or misuse of the data and resources that it uses, controls, and protects. The software security assurance process begins by identifying and categorizing the information that is to be contained in, or used by, ...more...

Customer-premises equipment

Customer-premises equipment or customer-provided equipment (CPE) is any terminal and associated equipment located at a subscriber's premises and connected with a carrier's telecommunication circuit at the demarcation point ("demarc"). The demarc is a point established in a building or complex to separate customer equipment from the equipment located in either the distribution infrastructure or central office of the communications service provider. CPE generally refers to devices such as telephones, routers, network switches, residential gateways (RG), set-top boxes, fixed mobile convergence products, home networking adapters and Internet access gateways that enable consumers to access communications service providers' services and distribute them around their house via a local area network (LAN). A CPE can be an active equipment, as the ones mentioned above or a passive equipment such as analogue-telephone-adapters or xDSL-splitters. Included are key telephone systems and most private branch exchanges. Exc ...more...

GSM

The GSM logo is used to identify compatible devices and equipment. The dots symbolize three clients in the home network and one roaming client.[1] GSM (Global System for Mobile communications) is a standard developed by the European Telecommunications Standards Institute (ETSI) to describe the protocols for second-generation digital cellular networks used by mobile devices such as tablets, first deployed in Finland in December 1991.[2] As of 2014, it has become the global standard for mobile communications – with over 90% market share, operating in over 193 countries and territories.[3] 2G networks developed as a replacement for first generation (1G) analog cellular networks, and the GSM standard originally described as a digital, circuit-switched network optimized for full duplex voice telephony. This expanded over time to include data communications, first by circuit-switched transport, then by packet data transport via GPRS (General Packet Radio Services) and EDGE (Enhanced Data rates for GSM Evolution ...more...

Data-centric security

Data-centric security is an approach to security that emphasizes the security of the data itself rather than the security of networks, servers, or applications. Data-centric security is evolving rapidly as enterprises increasingly rely on digital information to run their business and big data projects become mainstream.[1] [2] [3] Data-centric security also allows organizations to overcome the disconnect between IT security technology and the objectives of business strategy by relating security services directly to the data they implicitly protect; a relationship that is often obscured by the presentation of security as an end in itself.[4] Key concepts Common processes in a data-centric security model include:[5] Discover: the ability to know what data is stored where including sensitive information. Manage: the ability to define access policies that will determine if certain data is accessible, editable, or blocked from specific users, or locations. Protect: the ability to defend against data loss or u ...more...

AppTec

AppTec GmbH is a privately held company providing Enterprise Mobility Management software managing applications, configuration, and security of smartphones and tablets. AppTec has its headquarters in Basel, Switzerland. The company also has offices in London and Freiburg. AppTec is used by over 3,800 companies worldwide. History AppTec was founded in 2011 by serial entrepreneur, Sahin Tugcular. Products AppTec Enterprise Mobile Manager: An on-premise or cloudbased Mobile Device Management solution focused on providing mobile device lifecycle management and mobile security across devices, applications, the network, and data. AppTec ContentBox: Enterprise File Sync and Share SecurePIM: Mobile PIM Container App for encrypted communication on mobile devices. Whether for work or play, encrypt and send sensitive data by email, and protect documents, contacts and appointments from third-party access on mobile devices with SecurePIM. AppTec Universal Gateway: Imagine, that during the set up of smartphones and ta ...more...

Wandera

Wandera is a privately held company backed by Bessemer Venture Partners and 83North Venture Capital. The SaaS service provides customers with a Secure Mobile Gateway (SMG) which compresses mobile data, enforces acceptable usage policies, provides multi-level mobile threat detection by scanning on device and in the cloud, and provides data usage reporting to business organizations to help protect business data.[2][3] Wandera was co-founded in 2013 by brothers Eldar and Roy Tuvey, who formerly co-founded ScanSafe, which was acquired by Cisco in 2009.[4] Wandera has offices in London, England, San Francisco, California and Brno, Czech Republic.[5]

Recognition

In 2013, Wandera was nominated for the Redherring Europe Top 100 Awards.[6] In April 2014, Wandera was named a “Cool Vendor in Enterprise Mobility, 2014” by Gartner.[7]

References

"About Wandera".
Lunden, Ingrid. "Wandera nabs 7million from Bessemer to Give Enterprises a Way to Control Mobile Data Use Using SaaS". TechCrunch. Retrieved 17 April 2013 ...more...

Computer access control

In computer security, general access control includes identification, authorization, authentication, access approval, and audit. A more narrow definition of access control would cover only access approval, whereby the system makes a decision to grant or reject an access request from an already authenticated subject, based on what the subject is authorized to access. Authentication and access control are often combined into a single operation, so that access is approved based on successful authentication, or based on an anonymous access token. Authentication methods and tokens include passwords, biometric scans, physical keys, electronic keys and devices, hidden paths, social barriers, and monitoring by humans and automated systems. The two possibilities for imposing computer access control are those based on capabilities and those based on access control lists (ACLs): In a capability-based model, holding an unforge-able reference or capability to an object provides access to the object (roughly analogous t ...more...

Microsoft Forefront Threat Management Gateway

Microsoft Forefront Threat Management Gateway (Forefront TMG), formerly known as Microsoft Internet Security and Acceleration Server (ISA Server), is a network router, firewall, antivirus program, VPN server and web cache from Microsoft Corporation. It runs on Windows Server and works by inspecting all network traffic that passes through it.[4] Features Microsoft Forefront TMG offers a set of features which include:[5] Routing and remote access features: Microsoft Forefront TMG can act as a router, an Internet gateway, a virtual private network (VPN) server, a network address translation (NAT) server and a proxy server. Security features: Microsoft Forefront TMG is a firewall which can inspect network traffic (including web contents, secure web contents and emails) and filter out malware, attempts to exploit security vulnerabilities and content that does not match a predefined security policy. In technical sense, Microsoft Forefront TMG offers application layer protection, stateful filtering, content filt ...more...

Network switching subsystem

Network switching subsystem (NSS) (or GSM core network) is the component of a GSM system that carries out call switching and mobility management functions for mobile phones roaming on the network of base stations. It is owned and deployed by mobile phone operators and allows mobile devices to communicate with each other and telephones in the wider public switched telephone network (PSTN). The architecture contains specific features and functions which are needed because the phones are not fixed in one location. The NSS originally consisted of the circuit-switched core network, used for traditional GSM services such as voice calls, SMS, and circuit switched data calls. It was extended with an overlay architecture to provide packet-switched data services known as the GPRS core network. This allows mobile phones to have access to services such as WAP, MMS and the Internet. Mobile switching center (MSC)Description The mobile switching center (MSC) is the primary service delivery node for GSM/CDMA, responsible f ...more...

Array Networks

Array Networks is an American networking hardware company. It sells network traffic encryption tools.[1] Array Networks was founded in 2000 by Lawrence Lu and is based in Milpitas, California.[2] Originally called ClickArray Networks, it was renamed Array Networks in 2001 by then-incoming CEO Don Massaro who said the longer name "sounded too dot-commy".[3] It received funding from the venture capital firm U.S. Venture Partners and the private equity firm H&Q Asia Pacific.[4] On May 13, 2009,[1] Array Networks became the first non-Taiwan company to be listed on the Taiwan Stock Exchange.[5] The company sold 54 million shares that had a total value of about $79 million.[1] In 2009, 43% of the company's market share was in China, and its main product type sold there consisted of SSL VPN devices. It also had 200 employees in China, which CEO Michael Zhao said made China a "natural choice" for an IPO,[1] In comparison, the company had 70 employees in Silicon Valley.[4] but because China did not allow non-Ch ...more...

Merchant services

Merchant services is a broad category of financial services intended for use by businesses.[1] In its most specific use, it usually refers to merchant processing services that enables a business to accept a transaction payment through a secure (encrypted) channel using the customer's credit card or debit card or NFC/RFID enabled device. More generally, the term may include: Credit and debit cards payment processing Check guarantee and check conversion services Automated Clearing House check drafting and payment services Gift card and loyalty programs Payment gateway Merchant cash advances Online transaction processing Point of sale (POS) systems Electronic benefits transfer programs, such as ration stamps (called food stamps in the U.S.). Merchant service providers typically require the merchant to have a merchant account with the provider, either directly or through a referral partner, such as banks or B2B service companies. All banks in the United Kingdom, except for Barclays/Barclaycard, ...more...
