April 24, 2012
I’ve also discovered that non-security executives often seem to think that a pen test is a pen test is a pen test and while this certainly isn’t the case (there is real skill involved in effective penetration testing, as well as the need for a solid process), what’s really frustrating is that it’s often the situation that what people call a pen test is actually a vulnerability assessment or a scan and that drives me nuts.
February 9, 2011
As vulnerability assessments continue from quarter to quarter, some vulnerabilities seem to appear, disappear, and reappear again. Some appear that were never seen before, despite the fact the affected software has been in use for over a year.
January 7, 2010
According to Gartner, 75% of the attacks are coming though web applications and not through the network. This means greater emphasis needs to be placed on application security. However, this does not appear to be happening.
December 19, 2009
The worst kind of vulnerability in your environment is the one you don’t know exists. The “FCKeditor Arbitrary File Upload” issue seems to be just such a vulnerability.
November 2, 2009
If your security team is a capable one, I encourage you to incorporate both commercial and open source tools, and even consider the introduction of more than one commercial product.
July 15, 2009
NetSPI is embarking on an initiative to provide opinions and insight to security practitioners in the form of periodic blog entries covering four specific subject areas, one of which is Application Security. Entries in this blog category will be providedby members of NetSPI’s Application Security team and will [...]