Blog Posts Tagged with "Vulnerability Assessments"
Three Tips for Effective Vulnerability Assessments
January 23, 2013 Added by:Dan Dieterle
Regular vulnerability assessments are essential because threats to your network security continually change and evolve, and your security should be able to match this. A user’s PC or network access point might be secure today, but it could become completely vulnerable tomorrow...
Comments (0)
Hacking Exposed 7: Network Security Secrets and Solutions
September 23, 2012 Added by:Ben Rothke
With the release of Hacking Exposed 7: Network Security Secrets & Solutions, authors Stuart McClure, Joel Scambray and George Kurtz (along with over 10 contributing authors) provide an up to date version to the original classic. The book includes the essentials of hacking...
Comments (0)
Securing Your Application Perimeter: Getting Results
September 08, 2012 Added by:Fergal Glynn
What applications should you be testing? Just because the discovery process identifies 300 web applications doesn’t mean that you’d want to test the 30 that clearly should be decommissioned...
Comments (0)
Backtrack 5 r3 List of (Some of the) New Tools and Programs
August 27, 2012 Added by:Dan Dieterle
What are the new utilities included with Backtrack 5r3? I couldn’t find a list, so I decided to make one myself comparing BT5r2 with the latest version. This is not an exhaustive list, but hopefully it will help people see some of the very cool new tools and programs added to Backtrack...
Comments (1)
Information Security, Hackers, and Vigilance
July 30, 2012 Added by:Tripwire Inc
The bottom line: Attackers are always looking for mistakes, outliers, and inconsistencies so they can use them against you. This means your security programs need to be robust, resilient, measurable, and – as much as possible – consistent (vs. ad hoc)...
Comments (0)
To “Open Source” or “Not to Open Source”
July 27, 2012 Added by:Andrew Sanicola
Many open source products have add-ons, extensions, plug-ins etc. which make them attractive. While the core application itself is mostly secure, it is these extensions and plug-ins contributed by many diverse developers and organizations that introduce vulnerabilities into the open source product as a whole...
Comments (0)
Energy Department Develops Tool for Electric Grid Cybersecurity
July 19, 2012 Added by:Headlines
“The new Cybersecurity Self-Evaluation Survey Tool for utilities is vitally important in today’s environment where new cyber threats continue to emerge. Adoption by the electric sector will further protect critical infrastructure and... provide an invaluable view of the industry’s cybersecurity capabilities.”
Comments (0)
Penetration Testing the Cloud: Three Important Points
July 17, 2012 Added by:Brandon Knight
One area where companies seem to become lost is when talking about performing penetration testing services against their deployment. While there are some details to work out, fundamentally this type of assessment translates well when talking about applications and infrastructure deployed in the cloud...
Comments (1)
A Step-by-Step Guide for Choosing the Best Scanner
July 16, 2012 Added by:Shay Chen
There hasn't been any independent methodology for evaluating web application vulnerability scanners in a while. The following is a comprehensive guide for choosing the best scanner based on conclusions from the 2012 benchmark study - a comparison of 10 crucial aspects of 60 web application vulnerability scanners...
Comments (0)
Vulnerability Scans too Disruptive to Conduct Regularly
July 12, 2012 Added by:Headlines
“Evidently, active vulnerability scanning can cause huge management headaches due to its disruptive nature and information overload, so scanners tend to be used primarily for ‘spot checks’ that aren’t effective at minimizing risks. Critical vulnerabilities have to be identified, prioritized, and remediated daily..."
Comments (4)
The Perils Of Automation In Vulnerability Assessment
June 25, 2012 Added by:Ian Tibble
“Run a scanner by it” still appears in so many articles – it's still very much part of the furniture. Software suites are built on the use of automated unauthenticated scanning – in some cases taking an open source scanning engine, wrapping a nice GUI around it, and slapping a 25K USD price tag on it...
Comments (5)
What’s Going Right with Your Secure Development Efforts?
May 04, 2012 Added by:Fergal Glynn
Security professionals place developer’s code under a microscope and highlight each and every flaw, so you can appreciate why there may be some tension. Testing of code only offers assessments of what they did wrong. Can we apply a different lens while having this conversation?
Comments (0)
Three Areas to Test when Assessing Mobile Applications
May 02, 2012 Added by:Tom Eston
Mobile Application testing is something that will evolve as mobile apps get more complex and the business drives more towards mobile solutions. If you’re deploying mobile apps for your business it’s more important than ever to have testing done on three areas at a minimum....
Comments (1)
The Role of Penetration Testing in the Infosec Strategy
March 26, 2012 Added by:Ian Tibble
For all intents and purposes, penetration testing had become such a low quality affair that clients stopped paying for it unless they were driven by regulations to perform periodic tests of their perimeter "by an independent third party"...
Comments (2)
Out With the New, In With the Old: OS Security Revisited
March 06, 2012 Added by:Ian Tibble
Operating System Security is radically under-appreciated, and this has been the case since the big bang of security practices in the mid-90s. OS security, along with application security, is the front line in the battle against hackers, but this has not been widely realized...
Comments (0)
On Vulnerability Assessments and Penetration Tests
January 10, 2012 Added by:Drayton Graham
Simply put, a Vulnerability Assessment is a piece of code that will identify and report on known vulnerabilities, but a scanner will likely run into false positives. A Penetration Test goes a step further in that a human exploits vulnerabilities, but false positives do not exist...
Comments (0)
- The Danger of Mixing Cyber Espionage with Cyber Warfare
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform