Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Vulnerability

Security Orchestration Use Case: Importance of Vulnerability Management Automation

Vulnerability management is a proactive approach that mitigates or prevents the exploitation of IT vulnerabilities that may exist in corporate critical systems or network. This approach involves a number of steps that include identification, classification, remediation, and mitigation of numerous vulnerabilities. According to CVE Details Report, 15703 vulnerabilities have been identified in 2018, compared to 14714 in 2017.

What Type of Vulnerabilities Does a Penetration Test Look For?

Penetration testing is becoming increasingly popular as organizations are beginning to embrace the need for stronger cybersecurity. But there are still too many businesses that don’t fully understand the benefits of regular security testing. Pen testing is vital for any kind of organization with an IT system or website. A recent survey of penetration testers revealed that 88 percent of those questioned said they could infiltrate organizations and steal data within 12 hours.

The Art and Science of Secure Coding: Key Practices that Stand Out

Flaws in code lines, file system and data input methods make up the core security vulnerability of any application. This is what we address through secure coding practices. Secure coding guidelines stand out as the last battling army before the enemy line of security risks and threats.

Infosec Problems For 2019 and Beyond: Patching, Bug Bounties and Hype

Details of a Virtual Box 0-day privilege escalation bug were disclosed on GitHub earlier this week. This was the work of independent Russian security researcher Sergey Zelenyuk, who revealed the vulnerability without any vendor coordination as a form of protest against the current state of security research and bug bounty programs.

Apache Struts Vulnerabilities vs Spring Vulnerabilities

Developers the world over depend on the Apache Struts open source framework to build valuable and powerful applications. This open source component and the Apache Software Foundation that stands behind it have provided organizations with a cost-effective force multiplier that allows their teams to develop faster and more efficiently. A very active project, GitHub shows Apache Struts as having 5,441 commits and 112 releases.

Auditing Amazon Machine Images with Tripwire for DevOps

Tripwire for DevOps continues to add new features and capabilities. The newest of these is the ability to perform vulnerability scans against Amazon Machine Images (AMIs) in the same Tripwire for DevOps workflow used for your Docker containers. This blog will discuss the creation of AMIs and how to audit them for vulnerabilities within Tripwire for DevOps.

Vulnerability Scanning vs. Penetration Testing

It amazes me how many people confuse the importance of vulnerability scanning with penetration testing. Vulnerability scanning cannot replace the importance of penetration testing, and penetration testing on its own cannot secure the entire network. Both are important at their respective levels, needed in cyber risk analysis and are required by standards such as PCI, HIPAA and ISO 27001.

The Five Stages of Vulnerability Management

A key to having a good information security program within your organization is having a good vulnerability management program. Most, if not all, regulatory policies and information security frameworks advise having a strong vulnerability management program as one of the first things an organization should do when building their information security program. The Center for Internet Security specifically lists it as number three in the Top 20 CIS Controls.