Software Integrity

Search Results for 'vulnerability assessment'

Handle with care: You have my vulnerability assessment report!

Does your organization rely heavily on vendor products or applications for streamlining processes? Do you wonder what threats your data is being exposed to while it’s handled by these applications? Are you a vendor trying to assure clients that your applications are secure—without divulging too much information? Have you faced situations where your client demands […]

Posted in Software Architecture and Design

The complete security vulnerability assessment checklist

A vulnerability assessment is the process that identifies and assigns severity levels to security vulnerabilities in Web applications that a malicious actor can potentially exploit. The assessment is conducted manually and augmented by commercial or open source scanning tools to guarantee maximum coverage. This essential checklist is your playbook when it comes to comprehensively testing a Web […]

Posted in Software Architecture and Design, Web Application Security

Vulnerability assessment tools to strengthen your web AppSec stance

A good application security program includes a combination of various secure processes, practices, and different tooling options. Choosing the appropriate vulnerability assessment tools should always be the first step in assessing your web application security. These tools help prioritize vulnerabilities based on severity and report the vulnerabilities to allow for a systematic remediation process. Additionally, […]

Posted in Web Application Security

“Easy” to hack Apache Struts vulnerability CVE-2017-9805

“This is as serious as it gets; if remote attackers are allowed to exploit the newly identified vulnerability it can critically damage thousands of enterprises.” Oege de Moor, CEO and founder of Semmle. Dozens of Fortune 100 companies are at risk after security researchers at lgtm.com discovered a critical Apache Struts security flaw (CVE-2017-9805) that […]

Posted in Open Source Security, Software Architecture and Design

The greatest security vulnerability: Humans

In the security industry, we hold the following words near and dear to our work: “Humans are the weakest link in the security supply chain.” Even companies with solid, well-built security standards are prone to human error. This is because humans are the most important part of information security and all humans make mistakes. According […]

Posted in Red Teaming

New risk assessments for old medical device security flaws

On Wednesday, representatives from MITRE proposed risk assessments for medical devices using existing frameworks. Presenting at SOURCE Boston, Penny Chase and Steve Christey Coley of the MITRE Corporation noted that medical devices incorporate third-party software, operating systems, and workstations; are subject to regulation, which can limit the ability to patch and reconfigure […]

Posted in Medical Device Security

Samsung Galaxy phone hack: Making sense of the “Samsung” RCE vulnerability

The Samsung Galaxy phone hack was not caused by “one bug.” It was due to a chain of several failures, which makes it difficult to say who is at fault and how the Samsung hack could have been avoided. Don’t jump to conclusions! How did the Samsung Galaxy get hacked? Issue 1: Samsung uses a […]

Posted in Mobile Application Security, Software Architecture and Design

Heartbleed vulnerability: What should you do?

By now, you’ve surely heard about the Heartbleed vulnerability (CVE-2014-0160) in OpenSSL 1.0.1 through 1.0.1f (inclusive). The vulnerability has been present in OpenSSL since December 2011. Many websites have discussed the details of the bug, and I will not go into the deep technical details here. I will describe the bug at a high level, […]

Posted in Fuzz Testing, Web Application Security

Both consumers and retailers need to up their cyber security to make holidays happy

We’ve got some Black Friday advice for retailers and shoppers who want to keep everyone’s data safe and secure, for a truly happy holiday season.

Posted in General

GDPR raises the stakes on data breaches

Another week, another list of data breaches resulting from vulnerabilities in third-party contractors for high-profile companies. But since May 25, at least in the European Union (EU), it is more than just another week. There is the potential for something both more harsh and more expensive than unhappy customers, brand damage, or even class action […]

Posted in Data Breach, Security Standards and Compliance