August 23, 2012
My point in all of this is that automated vulnerability scanning is certainly useful and, with large environments or applications, absolutely necessary (we use some of these tools in our assessment process), but don’t be lulled into a false sense of security. If this is all that you are doing to identify and address potential vulnerabilities within your network or critical application environments then you have a problem.
October 25, 2010
“Escalating Privileges through Database Trusts” focuses on how to leverage trust relationships between application, database, and system accounts to gain unauthorized access to systems and sensitive data.
May 5, 2010
As an organization that performs a large volume of code reviews and penetration tests, NetSPI is frequently asked which type of application assessment is the best option. Your primary options are a code review or a web application penetration test. …
May 4, 2010
In recent years web application security has gotten a lot of attention. The advent of easy to use web proxies has brought a lot of attention to SQL injection and cross-site scripting vulnerabilities, and developers have taken note. Thick application …
January 22, 2010
. . . no single application assessment or code review product could find more than about 35% of the total vulnerabilities GE could find with a manual process. That alone should encourage anyone serious about eradicating vulnerabilities within their applications to step it up a notch!
January 7, 2010
According to Gartner, 75% of the attacks are coming through web applications and not through the network. This means greater emphasis needs to be placed on application security. However, this does not appear to be happening.
October 5, 2009
Integrating security checks and balances with your application development processes is certainly uncharted territory for many security professionals. Why is this so?
July 15, 2009
NetSPI is embarking on an initiative to provide opinions and insight to security practitioners in the form of periodic blog entries covering four specific subject areas, one of which is Application Security. Entries in this blog category will be provided by members of NetSPI’s Application Security team and will [...]