Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Proactively Hardening Systems: Application and Version Hardening

The first article in this series examined configuration hardening, essentially looking at ports, processes and services as the “doors, gates and windows” into a network where security configuration management (SCM) becomes the job of determining which of these gateways should be open, closed, or locked at any given time. Now it’s time to look at application and version hardening.

Five top tips for booking a penetration test

Last week, we spoke about the common issues that come up throughout a penetration test. We left out what many of our penetration testers think of as the ‘biggest issues’, however, as the finished article rivalled Dickens at his wordiest. Still, they’re definitely worth raising, as some of the most common issues that emerge from a penetration test don’t involve misconfigurations, vulnerabilities or hacking of any kind.

Weekly Cyber Security News 05/10/2018

A selection of this week’s more interesting vulnerability disclosures and cyber security news. Development frameworks are wonderful, can’t disagree there, they do make life easier by taking away tedious process. Obviously their increased complexity in hiding this tedium from the dev means debugging can be tricky at times. So they often included some quite revealing debug modes that can help…. Only that they really are for the eyes of the dev and not the public.

Vulnerability Scanning vs. Penetration Testing

It amazes me how many people confuse the importance of vulnerability scanning with penetration testing. Vulnerability scanning cannot replace the importance of penetration testing, and penetration testing on its own cannot secure the entire network. Both are important at their respective levels, needed in cyber risk analysis and are required by standards such as PCI, HIPAA and ISO 27001.

Don't Use Production Data In Your Test Environment: The Impact Of Leaked Test Credentials

To deliver technology products and services, companies use multiple technology environments so that changes, updates, and testing can be completed in a controlled way without interrupting customer experience. This is a best practice approach that maintains high levels of system stability, uptime and security. These “non-production”, or test environments should ideally be completely disconnected from production environments to prevent security incidents and bugs.

Sales Play Book - Value Proposition

Today’s email attacks (ransomware, business email compromise, and sandbox evasion) have evolved, and are outpacing the tools developed to combat them. While they may help with some aspects of email security or stop some attacks, they don’t solve the whole problem and attacks need only succeed once to seriously harm people, data, and brands. Partial security is not security.

Observability and Visibility in DevSecOps

Companies often turn to software as a solution when they need to solve a problem. Whether it’s to automate or enhance a task, or gain valuable information in an easily consumable fashion. The same is true for security teams on both sides of the red and blue line. Security professionals build tools to automate exploitation, detect attacks, or process large amounts of data into a usable form.