View All Publications

Real-World Data Breach Protection Techniques
This white paper explains the strategies and techniques used by McAfee Network Data Loss Prevention to protect data-in-motion. Understand the importance of both the content and context of sensitive data when detecting and preventing data exfiltration.
Topics: Foundstone

Secure Coding for Android Applications
More than one billion Android devices have been activated to date, and it’s estimate that 1.4 million devices are activated per day. The rapidly increasing popularity of this mobile OS demands that developers understand how to create secure Android applications. This white paper focuses on secure coding practices for Android applications.
Topics: Foundstone

PCI Guidance: Microsoft Windows Logging
This paper discusses what is involved in establishing logging for Microsoft Windows systems, and discusses how those settings will also be useful in detecting system anomalies that could be indicative of system misuse or even a system breach.
Topics: Foundstone

Low Hanging Fruits: The Top Five Easiest Ways to Hack or Get Hacked
How familiar are you with low-hanging fruit — the easiest ways for attackers to gain entry to your network and potentially run off with your valuable data? This white paper explores penetration tests that you can perform at your organization to gain an understanding of how to apply the proper defenses to prevent exploitation of the top five low-hanging fruit.
Topics: Foundstone

Achieving Security through Compliance
This paper will illustrate how a well-structured security governance program with fully developed and implemented policies, plans, and procedures will strengthen an organization’s security posture.
Topics: Foundstone

A Pentester's Guide to Hacking ActiveMQ-Based JMS Applications
Enterprise messaging systems (EMS) are highly reliable, flexible, and scalable systems that allow asynchronous message processing between two or more applications. This paper provides guidance on penetration testing techniques to assess the security of ActiveMQ-based EMS written using the Java Message Service API.
Topics: Foundstone

Building & Maintaining a Business Continuity Program
Business continuity planning is a critical function that involves many different personnel and departments over multiple phases. As with many business continuity programs, an iterative process is most effective in developing a refined set of procedures and plans.
Topics: Foundstone

Creating and Maintaining a SOC
Organizations are investing in the development of security operations centers (SOCs) to provide increased security and rapid response to events throughout their networks. But building a SOC can be a monumental task. This paper explains how strong people and well-defined processes can result in an operationally effective SOC.
Topics: Foundstone

McAfee ePolicy Orchestrator: Creating an Apache HTTP Repository
This document describes how to configure Apache and Samba running on a Linux operating systems (OS) platform for the purpose of creating an Apache HTTP Repository for McAfee ePolicy Orchestrator. The Apache repository will allow customers to meet the requirement to have a Linux repository.
Topics: Foundstone, Security Management

Detecting Botnet Propagation
Discovering and triaging network threats can be tricky, but a few tools and techniques can alleviate this stress. This paper explains botnet propagation techniques uncovered during a recent investigation along with the tools and techniques used to quickly evaluate two separate events.
Topics: Foundstone