Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Proactive System Hardening: Continuous Hardening's Coming of Age

The first article in this series examined configuration hardening—essentially looking at ports, processes and services where security configuration management (SCM) is key. The second article looked at application and version hardening strategies. This third installment will discuss the role of automation in the coming of age of what’s called “continuous hardening.”

5 Steps to Maximize Your Financial Data Protection

A series of high-profile data breaches in 2017 made it clear that it's becoming more difficult to protect your and your customer's sensitive information from nefarious agents. As businesses expand, they develop and implement security policies that help protect their sensitive information from outsiders.

Proactively Hardening Systems: Application and Version Hardening

The first article in this series examined configuration hardening, essentially looking at ports, processes and services as the “doors, gates and windows” into a network where security configuration management (SCM) becomes the job of determining which of these gateways should be open, closed, or locked at any given time. Now it’s time to look at application and version hardening.

Five top tips for booking a penetration test

Last week, we spoke about the common issues that come up throughout a penetration test. We left out what many of our penetration testers think of as the ‘biggest issues’, however, as the finished article rivalled Dickens at his wordiest. Still, they’re definitely worth raising, as some of the most common issues that emerge from a penetration test don’t involve misconfigurations, vulnerabilities or hacking of any kind.

Weekly Cyber Security News 05/10/2018

A selection of this week’s more interesting vulnerability disclosures and cyber security news. Development frameworks are wonderful, can’t disagree there, they do make life easier by taking away tedious process. Obviously their increased complexity in hiding this tedium from the dev means debugging can be tricky at times. So they often included some quite revealing debug modes that can help…. Only that they really are for the eyes of the dev and not the public.

Vulnerability Scanning vs. Penetration Testing

It amazes me how many people confuse the importance of vulnerability scanning with penetration testing. Vulnerability scanning cannot replace the importance of penetration testing, and penetration testing on its own cannot secure the entire network. Both are important at their respective levels, needed in cyber risk analysis and are required by standards such as PCI, HIPAA and ISO 27001.