Software Integrity Blog

Archive for the 'Red Teaming' Category

 

How to build a red teaming playbook

Red teaming is an iterative process that includes three main components: recon, enumeration and attack. First, we emulate a defined adversary (anything from a script kiddie to an APT threat actor). Then we iterate through the recon/enumeration/attack components repeatedly until we have obtained our defined goal, such as obtaining sensitive client data. 3 ways to […]

Posted in Red Teaming

 

How to build a game-changing red team

Putting together a game-changing red team requires finding the right personnel with the malicious mindset, technical talent and vision to drive the program to success. This team must have a leader who can drive the program and technical staff who will perform the day-to-day activities. Putting together an impactful and game-changing red team will increase […]

Posted in Red Teaming

 

The secret to red teaming: Thinking maliciously

The technical people who drive our innovation are, for most purposes, well meaning. They create technology which has shaped our way of life, and done what many would have previously considered unthinkable. These developers and engineers are wonderful at conceiving and building systems. However, they are horrible at understanding how to break them. As the […]

Posted in Data Breach, Internet of Things, Red Teaming

 

How mapping the Ocean’s Eleven heist can make you better at application security testing

Learn how to create an attack tree diagram. Attack trees help you improve your application security, discover vulnerabilities, evaluate defense costs, and more.

Posted in Red Teaming, Software Architecture and Design

 

Are you red team secure?

Data breaches can result in severe damage to an organization’s brand, financial standing, or customer trust. Many of these, including recent breaches in the news, are not the result of a single, easy-to-find weakness that just happened to be overlooked or the common “low-hanging fruit” that is adequately detected by automated scanners […]

Posted in Red Teaming, Software Architecture and Design, Web Application Security

 

Red teaming a holistic view of security

Software pervades our everyday lives: cellphones, tablets, fitness monitors, websites, networked home appliances, medical equipment, drones and automated vehicles. We expect software to work, often overlooking the need for the software running these systems to be secure. While we stress the importance of building security in throughout the SDLC, there are outside vehicles like rogue wireless […]

Posted in Mobile Application Security, Red Teaming