Sage Advice
My point in all of this is that automated vulnerability scanning is certainly useful and, with large environments or applications, absolutely necessary (we use some of these tools in our assessment process), but don’t be lulled into a false sense of security. If this is all that you are doing to identify and address potential vulnerabilities within your network or critical application environments then you have a problem.
READ POST
NetsPWN: Assessment Services
“Escalating Privileges through Database Trusts” focuses on how to leverage trust relationships between application, database, and system accounts to gain unauthorized access to systems and sensitive data.
READ POST
NetsPWN: Assessment Services
As an organization that performs a large volume of code reviews and penetration tests, NetSPI is frequently asked which type of application assessment is the best option. Your primary options are a code review or a web application penetration test. …
READ POST
NetsPWN: Assessment Services
In recent years web application security has gotten a lot of attention. The advent of easy to use web proxies has brought a lot of attention to SQL injection and cross-site scripting vulnerabilities, and developers have taken note. Thick application …
READ POST
NetsPWN: Assessment Services
. . . no single application assessment or code review product could find more than about 35% of the total vulnerabilities GE could find with a manual process. That alone should encourage anyone serious about eradicating vulnerabilities within their applications to step it up a notch!
READ POST
NetsPWN: Assessment Services
According to Gartner, 75% of the attacks are coming though web applications and not through the network. This means greater emphasis needs to be placed on application security. However, this does not appear to be happening.
READ POST
Sage Advice
Integrating security checks and balances with your application development processes is certainly uncharted territory for many security professionals. Why is this so?
READ POST
NetsPWN: Assessment Services
NetSPI is embarking on an initiative to provide opinions and insight to security practitioners in the form of periodic blog entries covering four specific subject areas, one of which is Application Security. Entries in this blog category will be providedby members of NetSPI’s Application Security team and will [...]
READ POST
Solutions
Services
About NetSPI
Contact Us
Copyright ©2012 NetSPI Inc. All rights reserved