Software Security

Archive for the 'Red Teaming' Category

 

Think like an attacker during 2-day red team workshop

Most developers focus their day-to-day thought processes on building software rather than breaking it. Meanwhile, organizations face growing and evolving threats against their digital assets and infrastructure. That’s why it’s critically important for security operations and development teams to think defensively. Thinking of any and every possible attack is what red teaming is all about. A […]

Posted in Red Teaming, Security Training

Lessons learned from this year’s biggest security breaches

As this year draws to a close, we can look back on 2016 and see what challenges the security industry has had to overcome. Jumping on this bandwagon a bit early, I hope to draw attention to some of the more difficult challenges our industry will face in the coming year. In order to do […]

Posted in Data Breach, Internet of Things, Red Teaming, Software Security Testing

The greatest security vulnerability: Humans

In the security industry, we hold the following words near and dear to our work: “Humans are the weakest link in the security supply chain.” Even companies with solid, well-built security standards are prone to human error. This is because humans are the most important part of information security and all humans make mistakes. According […]

Posted in Red Teaming

How can red team simulated attacks protect the digital world?

During the red teaming process, attackers physically enter target facilities. This testing activity tends to be overlooked or downplayed in security testing results. But, it’s important not to forget that old-fashioned attack methods still work. To guard against a physical security breach, it’s critical that your firm encrypt data. Otherwise, red team assessors, much like […]

Posted in Data Breach, Red Teaming, Software Security Testing

The open perimeter: Is your internal network protected?

Large enterprises in the past relied on perimeter security to ensure their services were protected from the outside world. This idea of a trusted firewall has eroded over the years, and is considered an outdated approach to security. However, it is incorrect to assume that a firewall is useless despite the fact that the definition of […]

Posted in Internet of Things, Network Security, Red Teaming, Software Security Testing

What does the Panama Papers leak have to do with your firm’s data security?

If you have the Internet, which presumably you must if you’re reading this, you’ve no doubt run across stories about the Panama Papers leak: the revelation that an estimated 2.6-terabyte leak of data given to the press may have you cheering the downfall of the politicians wailing for changes in tax policies. There’s one key detail that the […]

Posted in Data Breach, Red Teaming

How to build a red teaming playbook

Red teaming is an iterative process that includes three main components: recon, enumeration and attack. First, we emulate a defined adversary (anything from a script kiddie to an APT threat actor). Then we iterate through the recon/enumeration/attack components repeatedly until we have obtained our defined goal, such as obtaining sensitive client data. 3 ways to […]

Posted in Red Teaming, Software Security Testing

How to build a game-changing red team

Putting together a game-changing red team requires finding the right personnel with the malicious mindset, technical talent and vision to drive the program to success. This team must have a leader who can drive the program and technical staff who will perform the day-to-day activities. Putting together an impactful and game-changing red team will increase […]

Posted in Red Teaming

The secret to red teaming: Thinking maliciously

The technical people who drive our innovation are, for most purposes, well meaning. They create technology which has shaped our way of life, and done what many would have previously considered unthinkable. These developers and engineers are wonderful at conceiving and building systems. However, they are horrible at understanding how to break them. As the […]

Posted in Data Breach, Internet of Things, Red Teaming

How mapping the Ocean’s Eleven heist can make you better at application security testing

Picture a group of thieves planning a major heist at a Las Vegas casino, à la Ocean’s Eleven. To minimize the chances of getting caught red-handed and to maximize the haul, they need to outline each step of their plan. A map of their strategy might look something like this. The attackers’ goal—rob the casino—is […]

Posted in Application Security, Red Teaming, Vulnerability Assessment