Triaxiom Security
14 Oct 2019

HELP! I Think I Fell For A Vishing Attack!

After receiving a seemingly innocent call from your “IT department” to help test a new company portal, you worked with the developer on the phone and diligently followed his prompts as quickly as possible so you could get back to work on this memo your boss wanted. A few hours later, it dawns on you. […]

10 Oct 2019

What is OWASP?

Such a simple question, but it has many different answers, all of which can be important to your understanding of web application security. The Open Web Application Security Project (OWASP) is a non-profit organization with a simple mission: Improving the Security of Software. The organization is open to anyone, receiving contributions from security professionals and […]

8 Oct 2019

There is No Silver Bullet in Security

In folklore, the silver bullet is the only thing that can effectively kill a werewolf. Sure, you can trap a werewolf and hide until daylight or concoct some other workaround, but if you are lucky enough to have a silver bullet, that is the one-stop shop. You can kill the werewolf and not have to […]

4 Oct 2019

What is the DHS Cyber Hunt and Incident Response Teams Act?

On September 24th, 2019, Senate Bill S.315 aka the “DHS Cyber Hunt and Incident Response Teams Act of 2019” was passed unanimously. The legislation seeks to amend the Homeland Security Act of 2002, authorizing DHS’ National Cybersecurity and Communications Integration Center (NCCIC) to permanently operate cyber hunt and incident response teams that can aid federal […]

2 Oct 2019

Cyber Security Awareness Month – 2019

In the spirit of kicking off Cyber Security Awareness Month, today we take a look back at useful tricks and tips to help improve your organization’s cyber security awareness. Remember, you are only as secure as your weakest link, which tends to be the people working in your organization.

Password Management

As you might expect, […]

30 Sep 2019

Why Data Flow Diagrams and Data Storage Inventories Are Important

For any organization, the first step in protecting your assets is understanding what you have. While most companies are pretty good at inventorying their physical assets (e.g. computers, devices, monitors), they are overlooking another critical asset they should be considering: their data. Understanding how sensitive data flows throughout your network, who has access to […]

27 Sep 2019

What is the Visa Merchant Servicer Self-Identification Program (MSSIP)?

What is the Visa Merchant Servicer Self-Identification Program (MSSIP) and how can I get my company included on the list? This is a great question and today we will explore what this is, the benefits for your company, and how you can get on the list. What is the Visa MSSIP? The Visa MSSIP was […]

25 Sep 2019

What’s the Difference Between an SAQ and a RoC?

In today’s blog, we are going to focus on PCI compliance. If you are being asked to show that you are handling credit card information appropriately and are compliant with the PCI Data Security Standard (DSS), there are two ways this can be done, a Self Assessment Questionnaire (SAQ) or a Report on Compliance (RoC). […]

23 Sep 2019

Tools For OSINT – The Top Four

We discussed last week that open source intelligence, or OSINT, is one of the most important phases of an assessment for a penetration tester. It is this part of a test where an engineer is gathering background information about an organization that is publicly available, ranging from the business they are in, to the types […]

20 Sep 2019

Using Two Accounts for Administrators

There is no question that administrators need an account with elevated permissions so they can effectively manage and care for the domain and users. For this blog, let’s call that account the “Superman” account. However, security best practice is increasingly calling for administrators to have a second account that they use to perform their daily […]

© 2025 Triaxiom Security, a division of Strata Information Group, Inc. All rights reserved.