Vulnerability Management and Assessment

February 5, 2020
3 Vulnerabilities to be on the Lookout for in 2020

3 Vulnerabilities to be on the Lookout for in 2020 1.Security Misconfigurations What is a security misconfiguration? A security misconfiguration...

Read More
December 6, 2018
REST Assured: Penetration Testing REST APIs Using Burp Suite: Part 3 – Reporting

Welcome back to the REST Assured blog series for Part 3: Reporting. While often overlooked by security professionals, compiling reports...

Read More
November 18, 2018
REST Assured: Penetration Testing REST APIs Using Burp Suite: Part 2 – Testing

Welcome back! In part 1 of REST Assured blog series, we discussed the definitions and history behind APIs, and we...

Read More
July 18, 2018
A Tale Of Two Tools: When Splunk met SecurityCenter

Co-Authors:  Keith Rhea and Alex Nanthavong It was the best of times, it was the worst of times, it was...

Read More
July 5, 2018
Hardware Vulnerability: Understanding Spectre, Meltdown and the Price of Unchecked Modernization

Firewalls, encryption, antivirus software, armed security guards, dual authentication and every other added security mechanism that exists to secure data,...

Read More
June 10, 2018
Inherent Risk Tiering for Third-Party Vendor Assessments

It can be a challenging and overwhelming task to adequately manage the risk associated with outsourcing technology or business processes,...

Read More
November 24, 2016
Stop by Booth 118 @ AWS re:Invent to Learn How We Can Secure Your Cloud

Read More
October 27, 2016
When Perception is Not Reality: Perspectives on State-Sponsored Hacking and Retaliation

NBC News recently reported that the CIA is poised to launch a retaliatory cyber-attack against Russian computer systems. This comes...

Read More
August 5, 2016
Hacking Hillary: Recent Breaches against Democratic Political Groups

A recent leak of thousands of Democratic National Committee emails cast a long shadow over the Democratic Convention in Philadelphia...

Read More
October 15, 2015
Privilege Escalation via Group Policy Preferences (GPP)

While this is not a new topic in the penetration testing world by any means [Chris Gates (@carnal0wnage) and others...

Read More
September 10, 2013
Stocking the Toolbox – Cloud Unpacked

Ah the cloud. A stellar piece of human ingenuity and design that allows us to access our data from anywhere...

Read More
March 18, 2011
Vulnerability Management White Paper

Recently, I was asked to put together a white paper describing some work we’ve done related to supporting a vulnerability...

Read More