3 min
InsightAppSec
3 Questions to Ask When Prioritizing Web Application Vulnerabilities
Dynamic application security testing (DAST) often results in a constantly evolving list of security vulnerabilities. When scanning a web application in production or in an active testing environment, issues can crop up as quickly as changes happen within the app. And when exposed to the internet itself, there are many more ways in which security vulnerabilities
6 min
Log Management
Taking a Message-Based Approach to Logging
When you think about it, a log entry is really nothing more than a message that describes an event. As such, taking a message-based approach to logging by utilizing messaging technologies makes sense. Messaging creates the loose coupling that allows a logging system to be adaptable to the needs at hand and extensible over time.
Understanding a Standard Logging Architecture
Typically, logging is implemented in an application using a logger
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup: Jan. 12, 2018
'Sploits! Get yer 'sploits heeere!
Lots of fresh modules this week with six shiny new exploits to showcase—but first, a blast from the past:
1992 Called
Solaris wants to help you get password hashes and they've invented the NIS protocol. The next time you find a Solaris box, locked in a closet, that three generations of sysadmins have been afraid to touch, you can dump hashes straight to your Metasploit loot
6 min
Automation and Orchestration
How to Choose a Security Orchestration and Automation Platform
In the market for a security orchestration and automation platform but don’t know what solution is right for you? Or perhaps you’ve made some rushed decisions with past products and want to take a more careful approach this time around? We get it — sifting through all different security orchestration options on the market today is no walk in the park. At the end
4 min
Application Security
4 Differences Between Network Security & Application Security
Tomato, tomato, potato, potato, network security and web application security. Two things that may seem similar but are actually quite different. Network security (also known as vulnerability assessment or vulnerability management) has been around for quite some time and is something most security practition
4 min
GDPR
GDPR Preparation Checklist: January – Teach and Tidy
New year, new things to think about when it comes to your GDPR compliance preparations. Hopefully your GDPR project is in full swing by now. If it’s not, then you do really need to be getting your skates well and truly on. Do take a look through our November and December
3 min
Patch Tuesday
Patch Tuesday - January 2018
The first Microsoft patches of 2018 came early, with new updates released late Wednesday, January 3rd. Although this was due to the (somewhat) coordinated disclosure of the Meltdown and Spectre vulnerabilities, last week’s updates also contained fixes for 33 additional CVEs. These days, Microsoft releases their OS updates as monolithi
3 min
Metasploit Weekly Wrapup
Metasploit Wrapup 1/5/18
2018: a new year, new vulns, and endless opportunities to exploit them. The Metasploit community is kicking off the year with a variety of new content, functionality, research, and coordinated vulnerability disclosure.
New Year, New Vulns
After a couple months of coordinated disclosure work, long-time Metasploit contributor Karn Ganeshen offered up a handful of modules and a couple mixins for testing wireless routers from Cambium Networks
3 min
InsightVM
Vulnerability Management Year in Review, Part 1: Collect
Sometimes, it seems change is the only permanent thing in information security. To help deal with change on your terms, we set out to help maintain visibility to your environment as it is presented to you. How? By efficiently collecting vulnerability data at scale.
6 min
Haxmas
HaXmas Review: A Year of Patch Tuesdays
Today’s installment of the 12 Days of HaXmas is about 2017’s 12 months of Patch Tuesdays. Never mind that there were only eleven months this year, thanks to Microsoft canceling most of February’s planned fixes. This coincided with when they’d planned to roll out their
7 min
Haxmas
12 Memorable Metasploit Moments of 2017
This HaXmas, we delve into 12 Memorable Metasploit Moments from 2017 that inspired us, impressed us, and made us feel more connected to our global community of contributors, users, and friends.
4 min
Haxmas
An Evaluation of the North Pole’s Password Security Posture
Co-written by Jonathan Stines and Tommy Dew. See all of this year's HaXmas content here.
He sees your password choices;
He knows when they’re not great.
So don’t reuse those passwords, please,
And make them all longer than eight.
Now that Christmas has passed and all of the chaos from the holidays is winding down, Santa and the elves are finally able to sit back and recover from the strenuous Holiday commotion. H
6 min
Haxmas
Regifting Python in Metasploit
Metasploit has been taking random Python scripts off the internet and passing them off as modules! Well, not exactly. Read on to see how we're extending the module system's scalability and what Python has to do with that.
4 min
Haxmas
Forget The Presents: HaXmas Is All About The [Gift] Certificates
2017 is nearly at an end, and most of the cybersecurity world is glad to see it go. We've been plagued with a myriad of vulnerabilities, misconfigurations and attacks that have kept many of us working harder than Santa's elves on December 23rd to ensure our systems and networks were not in harm's way.
The attacks may be over, but 2017 is not done "giving" just yet.
Earlier this year, the Google Chrome team announced their intent to deprecate and remove trust in Symantec-issued certificates due
5 min
Haxmas
Uses For Tech of HaXmas Past
Before you throw technology from HaXmas gifts past on the shelf of misfit toys, consider this story about how one security researcher found new uses for an old gizmo. Your old tech is crying out to be reused!