Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Security

Data Security Requirements for Federal Contractors

Federal contractors are private entities that fulfill governmental needs. As such, they are trusted with sensitive, private federal information which makes them obvious targets for cyber attacks. The government has recently ramped up data security requirements for federal contractors, demanding more software, hardware and accountability from them.

Bypassing and exploiting Bucket Upload Policies and Signed URLs

TL;DR Bucket upload policies are a convenient way to upload data to a bucket directly from the client. Going through the rules in upload policies and the logic related to some file-access scenarios we show how full bucket object listings were exposed with the ability to also modify or delete existing files in the bucket.

Application Discovery and Inventory with ImmuniWeb

ImmuniWeb® Discovery is a part of the ImmuniWeb Application Security Testing Platform. Leveraging big data and a non-intrusive OSINT reconnaissance technology, it quickly builds a comprehensive list of your external web and mobile apps for actionable inventory, continuous monitoring, risk and compliance management.

ImmuniWeb AI Application Security Testing Platform Overview

ImmuniWeb® Platform is The Turnkey Service for Application Security Testing. ImmuniWeb® Platform leverages Machine Learning and AI for intelligent automation and acceleration of Application Security Testing (AST). Complemented by scalable and cost-effective manual testing, it detects the most sophisticated vulnerabilities and comes with a zero false-positives SLA.

ITIL, the Change Management Process and Tripwire Enterprise

When I speak with clients about their approach to managing their IT services, many organisations mention ITIL practices as a cornerstone to their approach. This is hardly surprising since the ITIL framework describes a sensible methodology for IT management, looking at the use of technology through the lens of what the business needs.

AlienVault Expands USM Anywhere to Include Endpoint Detection and Response Capabilities

SAN MATEO, Calif. – July 31, 2018 – AlienVault®, the leading provider of Unified Security Management® (USM) and crowdsourced threat intelligence, today announced the general availability of Endpoint Detection and Response (EDR) capabilities in USM Anywhere™. Visit AlienVault’s Black Hat booth #528 from August 7-9 to see a demonstration of endpoint security capabilities in USM Anywhere.

EventSentry v3.5 Released: Windows Process Monitoring to the Max, Registry Tracking, Tags & More

EventSentry v3.5 continues to increase visibility into networks with additional vantage points, making it easier for EventSentry users to reduce their attack surface as well as discover anomalies.

False Positive or the Real Deal?

An ominous flashing red light on a blacked-out computer screen means the promise of a threat. It was 21:26 on a Sunday night and an Intrusion Prevention System (IPS) alert shot across one of our screens. A security analyst usually has just minutes to respond, carry out an investigation on behalf of the organisation under threat and make a critical decision.