Pages
Posts
- Why Offense in Depth is Vital to Red Team Operations
- Lessons Learned Building a Penetration Testing Program: OWASP Portland, OR Podcast with NetSPI’s Nabil Hannan
- Dockerizing the NetSPI Linux Labs
- “So What?” – The Importance of Business Context in Vulnerability Management
- 4 Ways to Avoid Getting Too Comfortable with Your Cyber Security Program
- Key Takeaways from the Florida Water Facility Hack
- Introducing Interactive Pentesting: Human Experts Augmented With IAST
- TechTarget: 6 ways to prevent cybersecurity burnout
- What Does Application Security “as a Service” Really Mean?
- How To Eliminate Friction Between Business and Cyber Security
- Star Tribune: Growth accelerates for Twin Cities cybersecurity businesses
- NetSPI Relaunches Red Team Toolkit
- The Need to Prevent Insider Threats, as Revealed by the SolarWinds Cyber Security Breach
- SC Magazine: Rethink your cybersecurity resiliency using a risk-based strategy
- TechTarget: 5 cybersecurity lessons from the SolarWinds breach
- Build Strong Relationships Between Development and Application Security Teams to Find and Fix Vulnerabilities Faster
- NetSPI Celebrates 35% Organic Revenue Growth in 2020
- AWS versus Azure Cloud Testing: Understanding the Differences
- TechTarget: Standardize cybersecurity terms to get everyone correct service
- Lessons Learned From The Kubernetes Man-in-the-Middle Vulnerability
- Six Activities to Jump Start Your Application Security Journey
- One Take CEO Interviews: How NetSPI is Growing Despite Covid-19, PLUS 3 Things to Do Now to Protect Your Data
- Four Application Security Myths – Debunked
- SC Magazine: From diversity efforts to pandemic recovery, workforce issues will evolve in 2021
- SC Magazine: 2021 strategy predictions: Shifts in business models, shifts in security priorities
- SC Magazine: 2021 tech predictions: The conceptual gets real
- FireEye, SolarWinds, U.S. Treasury: What’s Happening in the Cyber Security World Right Now?
- TechTarget: 3 reasons why CISOs should collaborate more with CFOs
- Trimarc: Kerberos Bronze Bit Attack (CVE-2020-17049) Scenarios to Potentially Compromise Active Directory
- Bleeping Computer: Windows Kerberos Bronze Bit attack gets public exploit, patch now
- ZDNet: Proof-of-concept exploit code published for new Kerberos Bronze Bit attack
- CVE-2020-17049: Kerberos Bronze Bit Attack - Overview
- CVE-2020-17049: Kerberos Bronze Bit Attack - Theory
- Introducing PTaaS Pro: The Smart Solution to Penetrating Testing and Vulnerability Management
- CVE-2020-17049: Kerberos Bronze Bit Attack - Practical Exploitation
- NetSPI Acquires Silent Break Security
- What Not to Do When Ingesting and Prioritizing Vulnerability Data for Remediation
- Healthcare’s Guide to Ryuk Ransomware: Advice for Prevention and Remediation
- The Power of Instrumentation to Automate Components of Vulnerability Testing – from the Creator of IAST
- Shifting Left to Move Forward: Five Steps for Building an Effective Secure Code Review Program
- 5 Things You Didn’t Know a Project Manager Could Do
- NetblockTool: The Easy Way to Find IP Addresses Owned by a Company
- A Beginners Guide to Gathering Azure Passwords
- Introducing PTaaS+: Decreasing Your Organization's Time to Remediation
- TechTarget: How to hold Three Amigos meetings in Agile development
- NetSPI Adds to Leadership Team to Support Continued Focus on Customer Success
- Cyber Security: How to Provide a Safe, Secure Space for People to Work
- The Payment Card Industry: Innovation, Security Challenges, and Explosive Growth
- Cyber Defense Magazine: 3 Steps to Reimagine Your AppSec Program
- The Evolution of Security Frameworks and Key Factors that Affect Software Development
- TechTarget: 3 common election security vulnerabilities pros should know
- The Biggest Challenge Facing CISOs Today – and the Key to Winning
- AutoDirbuster - Automatically Run and Save DirBuster Scans for Multiple IPs
- Checklist: Getting the Most Value Out of Penetration Testing and Vulnerability Management
- How to Build a Cyber Security Team with Staying Power
- Q&A with Nabil Hannan: An Inside Look at Red Teaming Culture
- Aligning Stakeholders, Protecting Against Malicious Insiders, and the Reality that Nothing is Purely Internal Anymore
- Three Keys to Ensuring Application Security from a 40-Year Information Security Veteran
- Four Ways Pentesting is Shifting to an “Always On” Approach
- Lateral Movement in Azure App Services
- TechTarget: What cybersecurity teams can learn from COVID-19
- Black Hat 2020: Highlights from the Virtual Conference; Calls to Action for the Industry
- Security Boulevard: 12 Hot Takes on How Red Teaming Takes Pen Testing to the Next Level
- CIO.com: 4 hot project management trends — and 4 going cold
- The Rise of DDoS Attacks and How to Stop Them
- NetSPI to Help Black Hat USA 2020 Attendees View Penetration Testing and Application Security Through a New Lens
- Get-AzPasswords: Encrypting Automation Password Data
- Four Must-Have Elements of an Always-On Cyber Security Program
- NetSPI Brings Scale, Agility, and Speed to Static Application Security Testing and Secure Code Review
- Cloud Security: What is it Really, Driving Forces Behind the Transition, and How to Get Started
- Azure File Shares for Pentesters
- Focus on Context to Improve Your Incident Response Plan
- Dark Reading: Pen Testing ROI: How to Communicate the Value of Security Testing
- Building a Security Framework in a Compliance-Driven World
- NetSPI Reimagines Strategic Advisory Services, With a Focus on Application Security
- Your Phone Really is Listening to You: The Evolution of Data Privacy, GDPR, and Why/How to Ensure Compliance
- Bypassing External Mail Forwarding Restrictions with Power Automate
- COVID-19: Evaluating Security Implications of the Decisions Made to Enable a Remote Workforce
- Introduction to Hacking Thick Clients: Part 6 – The Memory
- TechTarget: Invest in new security talent with cybersecurity mentorships
- Getting Started on Your Application Security Journey
- Introduction to Hacking Thick Clients: Part 5 – The API
- Making the Case for Investing in Proactive Cyber Security Testing
- E-Commerce Trends During COVID-19 and Achieving PCI Compliance
- Introduction to Hacking Thick Clients: Part 4 – The Assemblies
- Why Organizations Should Think More Holistically About Preparing for and Responding to a Security Breach
- Introduction to Hacking Thick Clients: Part 3 – The File System and Registry
- Challenges and Keys to Success for Today’s CISO from the Former CISO at the CIA
- Dark Reading: Organizations Conduct App Penetration Tests More Frequently – and Broadly
- Introduction to Hacking Thick Clients: Part 2 – The Network
- Credit Union Journal: Credit unions must step up cybersecurity during coronavirus
- Attacking Azure Container Registries with Compromised Credentials
- Penetration Testing Paradox: Criteria for Evaluating Pentest Providers
- Overcoming Challenges of COVID-19 with Telemedicine and New Technology Solutions
- Evil SQL Client Console: Msbuild All the Things
- Introduction to Hacking Thick Clients: Part 1 - the GUI
- Zoom Vulnerabilities: Making Sense of it All
- Introducing BetaFast - NetSPI's Vulnerable Thick Client
- Penetration Testing as a Service – Scaling to 50 Million Vulnerabilities
- Gathering Bearer Tokens from Azure Services
- BAI Banking Strategies: Work from home presents a data security challenge for banks
- The Evolution of Cyber Security Education and How to Break into the Industry
- Credit Union Times: Vulnerability Management Considerations for Credit Union M&As
- Through the Attacker's Lens: What Is Visible on Your Perimeter?
- Staying Off the Hamster Wheel of Cloud Security Pain
- Decrypting Azure VM Extension Settings with Get-AzureVMExtensionSettings
- #WFH – Embracing the New Norm of Working From Home
- Linux Hacking Case Studies Part 5: Building a Vulnerable Linux Server
- Linux Hacking Case Studies Part 4: Sudo Horror Stories
- Keeping Your Organization Secure While Sending Your Employees to Work from Home
- Linux Hacking Case Studies Part 3: phpMyAdmin
- Linux Hacking Case Studies Part 2: NFS
- Staying Safe Online During the COVID-19 Pandemic
- Linux Hacking Case Studies Part 1: Rsync
- Gaining AWS Console Access via API Keys
- NetSPI Response to COVID-19
- Innovation and Consistency: The Right and Left Brain of Vulnerability Management
- Banking Dive: Banks engage in self-hacks to keep defenses sharp
- RSA 2020: Three Takeaways from the Halls of the Moscone Center
- Azure Privilege Escalation Using Managed Identities
- ABA Banking Journal: Go Hack Yourself
- Adaptive DLL Hijacking
- Why Do People Confuse “End-to-End Encryption” with “Security”?
- NetSPI Introduces Penetration Testing as a Service (PTaaS) Powered by Resolve™
- Attacking Azure with Custom Script Extensions
- What Is.com Word of the Day: Pentesting as a Service (PTaas)
- NetSPI Heads to RSAC 2020 to Showcase and Demo Penetration Testing as a Service (PTaaS) Powered by Resolve™
- Keep Pace with Evolving Attack Surfaces: Penetration Testing as a Service
- NetSPI Adds Seasoned Security Expert Nabil Hannan to Its Team
- Three Things To Remember When Building Your InfoSec Program
- Six Ways to Increase the Business Relevance of Risk-Based Reporting
- Azure Privilege Escalation via Cloud Shell
- Your Cloud Assets are Probably Not as Secure as You Think They Are
- Analyzing DNS TXT Records to Fingerprint Online Service Providers
- Exploiting SQL Server Global Temporary Table Race Conditions
- Leading Financial Institution Leveraged NetSPI Red Team Service to Improve Their Security Posture
- Limiting The Exposure of Plain Text Passwords in C#
- CVE-2019-10617 – AtherosSvc Registry LPE
- Maintaining Azure Persistence via Automation Accounts
- MachineAccountQuota Transitive Quota: 110 Accounts and Beyond
- NetSPI to Present and Exhibit at Black Hat USA 2019 Information Security Conference
- Collecting Contacts from zoominfo.com
- Modern Red Team Infrastructure
- Re-Animating ActivitySurrogateSelector
- NetSPI Announces 50% Year-Over-Year Revenue Growth And Rapid Expansion
- Using Azure Automation Accounts to Access Key Vaults
- MachineAccountQuota is USEFUL Sometimes: Exploiting One of Active Directory's Oddest Settings
- Get-AzurePasswords: Exporting Azure RunAs Certificates for Persistence
- NetSPI to Exhibit at RSA Conference 2019
- NetSPI Launches New Vulnerability Management and Orchestration Platform
- NetSPI Partners with University of Minnesota Masonic Children’s Hospital as Part of New Philanthropic Program
- NetSPI Releases Vulnerability Management Integration Framework
- Make it Easy on the Development Team
- ADIDNS Revisited - WPAD, GQBL, and More
- NetSPI Names Bill Carver as New Chief Information Security Officer
- Escape NodeJS Sandboxes
- Five Signs Your Application Security Assessment Process Needs a Reboot
- Machine Learning for Red Teams, Part 1
- Running PowerShell on Azure VMs at Scale
- Data Silos: Are They Really a Problem?
- XXE in IBM's MaaS360 Platform
- Recurring Vulnerability Management Challenges That Can't Be Ignored
- Anonymously Enumerating Azure Services
- What's Next and New with NetSPI Resolve
- Tokenvator: Release 2
- Inveigh - What's New in Version 1.4
- Four Ways to Bypass iOS SSL Verification and Certificate Pinning
- How to Streamline Pentest Data to Security Orchestration
- An Approach to Bypassing Mail Filters
- How to Track Vulnerability Data and Remediation Workflow
- Get-AzurePasswords: A Tool for Dumping Credentials from Azure Subscriptions
- Security Orchestration vs. Automation: What's the Difference?
- Introducing Burp Extractor
- NetSPI to Present and Exhibit at Black Hat USA 2018
- Are You Flooded With Vulnerabilities?
- .Net Reflection without System.Reflection.Assembly
- Anonymously Enumerating Azure File Resources
- Beyond LLMNR/NBNS Spoofing – Exploiting Active Directory-Integrated DNS
- Bypassing SQL Server Logon Trigger Restrictions
- Tokenvator: A Tool to Elevate Privilege using Windows Tokens
- Prioritizing the Remediation of Mitre ATT&CK Framework Gaps
- Dumping Active Directory Domain Info - with PowerUpSQL!
- Databases and Clouds: SQL Server as a C2
- Utilizing Azure Services for Red Team Engagements
- Attacking Application Specific SQL Server Instances
- Executing .NET Methods with RunDotNetDll32
- Dumping Active Directory Domain Info - in Go!
- Please Stop Giving Me Your Passwords
- Jira Information Gathering
- NetSPI Announces New Advisory Services Focused on Threat and Vulnerability Management
- Take Him Away, Boys - Creating a Get-Out-of-Jail Letter
- Attacks Against Windows PXE Boot Images
- Four Ways to Bypass Android SSL Verification and Certificate Pinning
- Microsoft Word - UNC Path Injection with Image Linking
- NetSPI SQL Injection Wiki
- Speaking to a City of Amazon Echoes
- NetSPI Announces Senior Leadership Appointments to Catapult Growth
- DNS Tunneling with Burp Collaborator
- dataLoc: A POC Tool for Finding Payment Cards Stored in MSSQL
- Identifying Payment Cards at Rest – Going Beyond the Key Word Search
- Attacking SQL Server CLR Assemblies
- Anonymous SQL Execution in Oracle Advanced Support
- Targeting RSA Emergency Access Tokencodes for Fun and Profit
- Application Self Protection - A New Addition to the OWASP Top 10
- Dynamic Binary Analysis with Intel Pin
- How to get SQL Server Sysadmin Privileges as a Local Admin with PowerUpSQL
- Beautifying JSON in Burp
- Expanding the Empire with SQL
- Targeting Passwords for Managed and Federated Microsoft Accounts
- SQL Injection to Help You Sleep at Night
- Getting Started with WMI Weaponization - Part 6
- NetSPI Raises Growth Capital From Sunstone Partners
- Getting Started with WMI Weaponization - Part 5
- Getting Started with WMI Weaponization - Part 4
- Getting Started with WMI Weaponization - Part 3
- Getting Started with WMI Weaponization - Part 2
- Getting Started with WMI Weaponization - Part 1
- SQL Server Link Crawling with PowerUpSQL
- Attacking SSO: Common SAML Vulnerabilities and Ways to Find Them
- Cisco ASA Remote Code Execution - Verifying CVE-2016-1287
- Defeating CSRF Protections Through Expired cross-domain.xml Domains
- Attacking JavaScript Web Service Proxies with Burp
- Common Red Team Techniques vs Blue Team Controls Infographic
- Establishing Registry Persistence via SQL Server with PowerUpSQL
- Get Windows Auto Login Passwords via SQL Server with PowerUpSQL
- Finding Weak Passwords for Domain SQL Servers on Scale using PowerUpSQL
- Finding Sensitive Data on Domain SQL Servers using PowerUpSQL
- Blindly Discover SQL Server Instances with PowerUpSQL
- Attacking Federated Skype for Business with PowerShell
- PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server
- Using PowerShell to Identify Federated Domains
- Adding Web Content Filter Exceptions for Phishing Success
- Maintaining Persistence via SQL Server – Part 2: Triggers
- Tinder Flaw: Location-Based Application Payment Logic Bypass
- Open Source Software – Is It the Death of Your Company?
- Dumping Memory on iOS 8
- Maintaining Persistence via SQL Server – Part 1: Startup Stored Procedures
- Java Deserialization Attacks with Burp
- Directory Traversal, File Inclusion, and The Proc File System
- NetSPI’s Top Password Masks for 2015
- Building an Application Security Program from Scratch: Part 1
- PowerShell Remoting Cheatsheet
- Auto-Dumping Domain Credentials using SPNs, PowerShell Remoting, and Mimikatz
- 10 Places to Stick Your UNC Path
- Collecting Contacts from LinkedIn Using linkedin_crawl
- Debugging Burp Extensions
- A Faster Way to Identify High Risk Windows Assets
- Top 10 Critical Findings of 2014 - Mobile Applications
- Running LAPS Around Cleartext Passwords
- Forcing XXE Reflection through Server Error Messages
- GPU Cracking: Rebuilding the Box
- Playing with Content-Type – XXE on JSON Endpoints
- Top 10 Critical Findings of 2014 - Thick Applications
- Decrypting WebLogic Passwords
- All You Need Is One - A ClickOnce Love Story
- Hacking SQL Server Procedures – Part 4: Enumerating Domain Accounts
- iOS Tutorial - Dumping the Application Memory Part 2
- NetSPI's Top Cracked Passwords for 2014
- Dumping Git Data from Misconfigured Web Servers
- Decrypting MSSQL Credential Passwords
- Advisory: XXE Injection in Oracle Database (CVE-2014-6577)
- Attacking Android Applications With Debuggers
- Hacking SQL Server Stored Procedures – Part 3: SQL Injection
- iOS Tutorial – Dumping the Application Heap from Memory
- An Introduction to the Open Software Assurance Maturity Model (OpenSAMM)
- Cracking Stats for Q3 2014
- Hacking SQL Server Stored Procedures – Part 2: User Impersonation
- Mobile Application Threat Modeling
- Hacking SQL Server Stored Procedures – Part 1: (un)Trustworthy Databases
- Advisory: Oracle Forms 10g Unauthenticated Remote Code Execution (CVE-2014-4278)
- IT Asset Management – Where to Start
- LM Hash Cracking – Rainbow Tables vs GPU Brute Force
- 15 Ways to Bypass the PowerShell Execution Policy
- Cracking Stats for Q2 2014
- Intercepting Native iOS Application Traffic
- Bypass iOS Version Check and Certification Validation
- Stealing unencrypted SSH-agent keys from memory
- Bypassing AV with Veil-Evasion
- Open Source Frameworks - How secure are they?
- Verifying ASLR, DEP, and SafeSEH with PowerShell
- 15 Ways to Download a File
- Malicious MobileConfigs
- Cracking Stats for Q1 2014
- Locate and Attack Domain SQL Servers without Scanning
- Decrypting IIS Passwords to Break Out of the DMZ: Part 2
- Executing MSF Payloads via PowerShell Webshellery
- Using strace to monitor SSH connections on Linux
- The Way Back Machine - Microsoft Word for Windows 1.1a
- GPU Password Cracking – Building a Better Methodology
- Detective control testing during penetration tests Scott Sutherland Guest Blogs for Secure360
- Decrypting MSSQL Database Link Server Passwords
- DeKrypto - Padding Oracle attack against IBM WebSphere Commerce (CVE-2013-05230)
- Karl Fosaaen Guest Blogs for Secure360
- Decrypting IIS Passwords to Break Out of the DMZ: Part 1
- Vulnerability Disclosure Submission Standard?
- Under the Door Tools – Opening Doors for Everyone
- SMB Attacks Through Directory Traversal
- Faster Domain Escalation using LDAP
- Reverse Engineering iOS Applications in a Fun Way
- Android Root Detection Techniques
- Sky Prioritize Yourself
- Things not to overlook in the new PCI DSS 3.0
- PA-DSS 3.0 – What to Expect
- Facebook Friends, Your Email Address Isn’t that Private
- Using Powershell and Reflection API to invoke methods from .NET Assemblies
- Outsourcing application development – what is missing?
- The Value of Detective Controls
- Firewall Configuration Review
- Binrev- Automate Reversing Windows Binaries for Pentesters
- Identifying Rogue NBNS Spoofers
- Is SQL Injection a Terminable Offense?
- Parsing SVN Entries Files with PowerShell
- Bypassing AirWatch Root Restriction
- Quick! To the HyperTerminal
- Java Obfuscation Tutorial with Zelix Klassmaster
- Function Hooking Part I: Hooking Shared Library Function Calls in Linux
- Magic Bytes - Identifying Common File Formats at a Glance
- Biometrics in the age of Pastebin
- Great, you use CA SiteMinder, but you broke it!
- Cracking Credit Card Hashes with PowerShell
- SQL Server – Link... Link... Link... and Shell: How to Hack Database Links in SQL Server!
- GPU Cracking: Putting It All Together
- Breaking Out! of Applications Deployed via Terminal Services, Citrix, and Kiosks
- Patching Java Executables – The Easy Way
- Adding PowerShell to Web Shells to get Database Access
- GPU Cracking: Setting up a Server
- Certificate Pinning in a Mobile Application
- Why does one QSA pass me and another would not?
- GPU Cracking: Building the Box
- Attacking Restricted Linux Shells
- Hacking High Scores in iOS GameCenter
- Resources for Aspiring Penetration Testers
- Hacking Web Services with Burp
- Code Review – is automated testing enough?
- Know Your Opponent – an Inference Attack Against iOS Game Center
- Mobile Application Testing - Where is it?
- Oracle’s stealth password cracking vulnerability
- Bypassing Anti-Virus with Metasploit MSI Files
- 10 Evil User Tricks for Bypassing Anti-Virus
- Tool release: AMF Deserialize Burp Plugin
- Happy New Year – Have you made your application testing resolution yet?
- Executing SMB Relay Attacks via SQL Server using Metasploit
- 2013 Cyber Threat Forecast Released
- Hacking Passbook, the Real Way to do Extreme Couponing
- SQL Server Local Authorization Bypass MSF Modules
- Compliance Impact of Virtual Artifacts
- Automating HalfLMChall Hash Cracking
- OWASP AppSec 2012 Presentation: SQL Server Exploitation, Escalation, and Pilfering
- Exploiting Trusted Hosts in WinRM
- Testing Applications for DLL Preloading Vulnerabilities
- Android Exploitation Technical Paper Release
- Thoughts on Web Application Firewalls
- UPEK + Lenovo = Insecure Password Storage
- Pentesting Java Thick Applications with Burp JDSer
- BYOD & Security Assessments
- A False Sense of Security
- SQL Server Local Authorization Bypass
- PA-DSS vendors now have training options
- Filling the Void - QIR Program
- Incident Response – When Expectations Go Astray
- How to Remote Desktop to BackTrack 5 from Windows
- 10 Techniques for Blindly Mapping Internal Networks
- 5 Ways to Find Systems Running Domain Admin Processes
- Virtualization Security Resources
- Passwords: Strength and Longevity vs. Uniqueness
- Web Application Testing: What is the right amount?
- How to Access RDP over a Reverse SSH Tunnel
- Smartphone Pattern Unlock Sucks
- Enterprise Vulnerability Management
- Facebook message spoofing via SMTP
- The Choice is No Longer Yours - Changes to PCI
- Penetration Testing - Deception through Vocabulary
- Introduction to Windows Dictionary Attacks
- Mobile security is the new hotness
- Measuring Security Risks Consistently
- Pentesting the Cloud
- New MasterCard Level 2 Validation Requirements Effective June 30, 2012
- Unique Encryption Keys Not So Unique
- Social Media and Healthcare: Bane and Gain
- Care and Feeding of your PCI DSS Compliance Program
- The Annual Struggle with Assessing Risk
- HIPAA Privacy Audits - How Badly Am I Screwed?
- Secure the Silver
- Data Breach Alphabet Soup
- PCI PA-DSS in Healthcare - Part 2
- DEA Electronic Prescription of Controlled Substances – Certification Clarification
- When Databases Attack - Finding Data on SQL Servers
- The Catch-22 of Policy Updates
- Why I Hate The Cloud
- Mobile Devices in Corporate Environments
- Medical Device Security
- Do You Know Where Your Data Is?
- When Databases Attack: SQL Server Express Privilege Inheritance Issue
- Insider Threats
- PCI 2.0 scoring matrix released to the public (now your kids can play “PCI Auditor” at home!)
- Hacking Twitter for Fun (and Profit?)
- Metrics: Your Security Yardstick - Part 2 - Defining Metrics
- Mayo Clinic's Solution for Social Media Challenges
- Metrics: Your Information Security Yardstick
- Reflections on Black Hat 2011
- Security and Privacy Considerations in "Meaningful Use"
- PCI and the "other wireless"
- EMR Security in the Cloud
- Email Uses and Security Liabilities
- The value of multi-layer / comprehensive pen testing
- When Databases Attack: Hacking with the OSQL Utility
- Hacking with JSP Shells
- What Happened to Vulnerability Management?
- Prioritization for Healthcare Executives
- When Databases Attack: Secure360
- Healthcare and Identity Theft Programs
- Thoughts on NetSPIs 10-year anniversary
- The Danger of Retaining Data
- HIPAA May not Protect Compulsive Liars
- Building Tanks
- Big Changes in PA-DSS v2.0
- Counseling the Corporate Board
- When Databases Attack: Entry Points
- IT Manager's guide to passing the PA-DSS Audit
- In Which a Smartphone is Pwnt, Thoroughly and Without Reason
- SQL Injection: Death by Blacklist
- Virtual Terminals and PCI 2.0 - Introducing the SAQ C-VT
- PCI PA-DSS in Healthcare – Part 1
- OWASP AppSec - Database Trusts Presentation Video
- Common Compliance Hurdles Part 3: Data Retention
- What’s New in PCI DSS 2.0 – No Surprise That There Are No Surprises
- Fuzzing Parameters in CSRF Resistant Applications with Burp Proxy
- Performing Code Reviews to PCI Requirements
- Does DLP Help Solve HIPAA Concerns?
- Security in the Cloud
- Business Associates Need to Understand HIPAA & HITECH Requirements
- Presenting at OWASP AppSec Conference
- Windows Tools in BackTrack
- Invisible Threats: Insecure Service Accounts
- Common Compliance Hurdles Part 2: Non-compliant Applications
- Is PCI driving the development of information security within healthcare?
- The Systems That Time Forgot
- Secure360
- PCI Compliance: Now a Finance Issue as Well
- PCI Assessors Meeting
- Are You Testing Your Web Application for Vulnerabilities?
- Risk, Security and Subjectivity Within PCI
- Common Compliance Hurdles Part 1: Increased PCI Scope
- Penetration Testing: Stopping an Unstoppable Windows Service
- Observations from HIMSS
- Manual vs. Automated Testing
- HITRUST Part 4 Looking Forward
- What's Happening in the Application Security Arena?
- HITRUST Part 3 Certification Explained
- Vulnerability Alert: FCKeditor Arbitrary File Upload
- HITRUST Part 2: Taking a First Look at the CSF
- What is HITRUST? - Part 1
- IP Traceback: Has Its Time Arrived?
- How Good Are Your Application Security Assessments?
- Brand Reciprocity Revoked by Visa and MasterCard: What It Means for Merchants
- Internal Penetration Testing: Attacking Systems That Matter
- 60 Minutes on Cyber Security Risks
- Do Not Use the Back Door!
- Questions on PA-DSS from Software Companies and Straight Answers
- PCI in Europe Today
- European PCI Community Meeting: Some Impressions
- Vulnerability Scanning with Multiple Products
- Where the CISO Reports
- Healthcare Solutions and PA-DSS Compliance (with a Deadline in July)
- Beyond the PCI Audit: Helping Merchants and Service Providers as a Partner
- Botnet Detection and Dynamic DNS
- Preventing SQL Injection at the Database
- Are We Ready for a Security Software Assurance Program?
- Windows Privilege Escalation Part 2: Domain Admin Privileges
- Windows Privilege Escalation Part 1: Local Administrator Privileges
- Mergers & Acquisitions in the Information Security Field
- Maturity and Convergence at the PCI-SSC Community Meeting
- Security, Compliance, and the New Retail Economy
- Cyber Security and Nuclear Energy
- You Cannot Outsource the Consequences of a Breach
- Social Media and Corporate Guidance
- Healthcare Organizations and Tighter Security Requirements
- The Far-Reaching Impact of the PCI DSS
- PCI and Assessment Consistency
- Compliance vs. Risk
- Is your Compliance Driven by More Than an Audit?
Podcasts
- EPISODE 026 – The Evolution of Risk Management and the Chief Risk Officer
- EPISODE 025 – How Well Do You Know Your Breach Preparedness, Incident Response, and Regulatory Obligations?
- EPISODE 024 – Startup Security, Threat Modeling, Pre-Social Engineering, and More
- EPISODE 023 – From Wealth Management to Vulnerability Management – Insights Gained from a Unique Career Path
- EPISODE 022 – Culture Eats Strategy for Breakfast: Acquisition and InfoSec Insights from NetSPI’s New CTO
- EPISODE 021 – Comfort is the Enemy: Leadership Advice from a Top Woman in Cyber Security
- EPISODE 020 – What Makes a Successful Technologist, A Day in the Life of a Security Firm CISO, and Lessons from an Effective Phishing Engagement
- EPISODE 019 – Tech Resiliency Amid COVID-19 and Criteria for an Investment-Worthy Company
- EPISODE 018 - Wireless Security Challenges, SMS Evolution, 3G Flaws, and 5G Implications
- EPISODE 017 - A Peek into the Development of India’s First Computer Crimes Unit and IT Act of 2000
- EPISODE 016 - Mentorships, M&As and IPOs from a Security Perspective, and Advising Early-Stage Start-ups
- EPISODE 015 - How to Modernize Your AppSec Program from Jeff Williams, a Key Contributor to the OWASP Top 10
- EPISODE 014 - Dark Reading’s Executive Editor Shares Her Perspective on Cyber Security
- EPISODE 013 - Building Security into the SDLC: An IAST Evangelist’s Perspective
- EPISODE 012 - Cyber Security is Boring: Doing the Hard Work to Provide a Safe and Secure Workplace
- EPISODE 011 - LogMeIn’s CISO Shares Insight into Growing a Security Program – and Common Challenges
- EPISODE 010 - The Payment Card Industry: At the Crossroads of Convenience and Security
- EPISODE 009 - One InfoSec Veteran’s Journey to Cyber Security & The Biggest Challenges Faced by CISOs Today
- EPISODE 008 - Three Keys to Application Security – and the Criticality of Cross-Functional Relationships
- EPISODE 007 - Building Secure Software and a Peek into the Cyber Security of the Brazilian Elections
- EPISODE 006 - The Evolving History of Cyber Security – From Mainframes to the Cloud
- EPISODE 005 - Why Your Company Should Prioritize Data Privacy – and Implications If You Fail To Do So
- EPISODE 004 - Thinking Bigger About Disaster Recovery Plans, and Preparing for and Responding to Breaches
- EPISODE 003 - How One Clinic is Leveraging Telemedicine and Technology to Manage Through COVID-19
- EPISODE 002 - Developing the Cyber Security Governance of a Nation – A Mix of IT and Strategic Planning
- EPISODE 001 – Cyber Security Education and the Ethics of Teaching Students to Break Things
Case Studies
Webinars
Resources
