Innovative Minds - On Point - One Group  

ISP Blog

This is the blog for MindPoint Group's Information Security & Privacy (ISP) division. We hope to use this to contribute to and debate ideas among the ISP community.
18 Nov 2018

REST Assured: Penetration Testing REST APIs Using Burp Suite: Part 2 – Testing


Welcome back! In Part 1 of the REST Assured blog series, we discussed the definitions and history behind APIs, and we reviewed the proper configuration of Burp Suite for conducting security testing against them. In Part 2 of the blog, we’re going to be getting into the fun part: Testing. Testing I’ll preface the testing first


14 Nov 2018

REST Assured: Penetration Testing REST APIs Using Burp Suite: Part 1 – Introduction & Configuration


Introduction: Hello and welcome to our 3-part blog series where we will take a dive into the technical aspects of conducting exhaustive penetration tests against REST API services and generating reports based on what tests were performed and what our findings are. Due to the subject matter being relatively technical, I’m taking some assumptions in


28 Sep 2018

Unconventional Automation: Ansible for FedRAMP


Ansible today is more powerful than it has ever been. Over the past few years it has taken the IT automation world by storm. For sure there are other automation technologies that are ‘better’ or more ‘performant’ within certain niches. But as a general-purpose, one-size-fits-most automation solution, Ansible is the dominant technology. One area where Ansible


26 Sep 2018

VMware Provisioning and Automation with Ansible


All, in just a week I am going to be at AnsibleFest in Austin, TX to give a talk and see what others are doing. As part of Fest this year, Ansible wants people to share their automation stories. I wanted to give a quick look at mine as a way of introducing the VMware


20 Sep 2018

Insider Threat Mitigation – Just Players in a Risk Management Game


Let’s meet some actors in this game, shall we?  First, we have Roger, who is angry that his peers have gotten promoted over him and he received a paltry bonus this year.  Roger decided to reset production server accounts to a password only he knows, cover his tracks, and proclaim ignorance when a severe incident
