Design quality audits are sometimes overlooked in software due diligence, but they are vital to understanding the overall health of a company’s software system. When software is part of an M&A transaction, performing technical due diligence is a critical part of the process. There’s a lot to cover when it comes to software due diligence, and you can learn more by reading our take on the specific areas of the process, but today we’d like to discuss software quality.

We believe that continuous communication with our clients prior to, during, and, after a penetration testing engagement is vital to ensure that you get the best service from us. In this blog post we would like to discuss the events that should take place once you receive your penetration testing report so you can gain the most value from our services.

December 2020, the weeks before Christmas, saw an increase in reported malware activity that culminated most prominently in the Sunburst Trojan attacks - events that are still developing as of today. As we were asserting our readiness to respond to new threats under our watch, we identified a suspicious executable being copied to a remote network share.

In this blog we will explore several ways that Alternate Data Streams (ADS) are abused by attackers to hide files and evade detection, defences based on them (and ways to bypass those defences!) but also how they can be used to help malware evade dynamic analysis.

Cybersecurity may be different based on a person's viewpoint. One may want to simply protect and secure their social media accounts from hackers, and that would be the definition of what cybersecurity is to them. On the other hand, a small business owner may want to protect and secure credit card information gathered from their point-of-sale registers and that is what they define as cybersecurity.

Cybersecurity is increasingly becoming a topic for legislators, especially for the public sector, critical infrastructure, healthcare, education, the financial and insurance sectors. In the US, in addition to several federal laws (HIPAA, HITECH, GLBA, SOX, FISMA, CISA), there are many state-level laws that impose some level of cybersecurity requirement (we have excluded the ones regarding election security in particular, as that’s a separate topic of discussion)

The annual list of top security projects from Gartner provides key insights on where security leaders should focus their limited time and resources to be the most effective at protecting their data, users, and infrastructure. Netskope provides value for each of the top 10 recommended security projects for this year and next, including many critical capabilities. This blog series will highlight each Gartner recommendation and how Netskope specifically can help.

If you’re looking to start or optimize an AppSec program in 2021, the Forrester WaveTM report is a good place to begin your research. The report not only details essential elements of AppSec solutions, but also ranks 12 static application security testing (SAST) vendors based on their current offering, strategy, and market presence. Development speeds and methods are changing and the requirements for a SAST solution are evolving as well.

Over the past decade, we’ve seen a massive shift towards relying on cloud technologies for everything we do, from watching TV shows and movies to sharing photos. Organizations have done the same. To increase efficiency and availability, they have moved their data and workloads to the cloud. But in a world of expanding threats, it has become necessary to implement additional layers of security for cloud data, applications and services to ensure privacy remains a top priority.

On February 11, 2020, Offensive Security introduced a major overhaul and update to their already fantastic course: Penetration Testing with Kali Linux. Those changes included updates to their lab environment. The study materials were substantially updated, with additional material including entire new sections on Bash Scripting, Active Directory Attacks, and PowerShell Empire.