How Actively Hunting Datasets & Streams of Traffic Can Prevent Cyber Attacks
Hunting allows an organization to analyze and categorize its network behavior to define accepted baselines of traffic, to ultimately proactively detect threats and existing compromises.
Top 3 Security Vulnerabilities for Mobile Application Businesses
With the increased utilization of mobile devices, securing mobile applications has become a necessary step to help preserve the integrity, confidentiality, and availability of data and communications for businesses and their customers.
Security Bulletin: Oracle WebLogic Vulnerability
Oracle released a patch for CVE-2018-2628; however, the fix did not properly remove the risk. Here is an overview of the vulnerability and our professional recommendations for mitigating its risk.
Strategies to Overcoming Vulnerability Management Obstacles
Vulnerability Management is a critical area in the security industry. As a community, we’ve built tools and created enterprise systems for scanning and classifying vulnerabilities. However, many organizations struggle to reduce risk and prioritize remediation efforts. There are several obstacles to effective vulnerability management, which this paper will identify and provide strategies for overcoming.
Using Lair Can Help CISOs Better Coordinate Testing Efforts
One of the big challenges in security testing is coordination of testing efforts and results between consultants, in multiple locations, working on a single test. Lair is one attempt to create a platform that normalizes input from several common testing tools and provides a single, real-time interface for gathering vulnerability data, tracking progress, and tracking the work of multiple users.
Using Hunt/Burp Suite to Assist in Manual Testing & Methodology
Hunt is a new plugin for the Burp Suite proxy and web application testing framework.
Spectre & Meltdown Vulnerabilities
The Spectre & Meltdown process vulnerabilities have opened the door to a new type of memory vulnerability. In this paper I take the technical write-ups by two of the original research discovery teams and boil them down, peppered with some newer information on how, and what, we can do going forward.