Why Cross-Site Scripting Always Matters
Recently, I identified and disclosed several cross-site scripting (XSS) vulnerabilities within a website I’ve recently started using. In case you…
SecureCheq Uncovers Critical Configuration Vulnerabilities
Tripwire today announced the availability of SecureCheq™, a lightweight, easy to use, free configuration utility that helps evaluate and repair…
Security Slice: The Rights and Wrongs of the Right to Know Law
California’s Right to Know law was recently put on hold because of push-back from various technology companies and business lobbies.…
Does Anybody Really Care About Vulnerability Scoring?
I’ve been involved in vulnerability scoring discussions more times than I can count. Colleagues, customers, conference-goers, and complete strangers all…
Passing NERC CIP Audits via Automation
This presentation will provide attendees with the keys to achieving and maintaining NERC CIP compliance using Tripwire solutions. Jeff Simon,…
VM.2: To Cloud or Not to Cloud? That is the Question…
In my second vulnerability management blog post (part one here), I’ll focus on-premise vs. cloud-based questions and try cover some…
Five Quick Wins from Verizon’s 2013 Data Breach Investigations Report
It’s that time of year again – new 2013 IT Security reports – trends, breach investigations, and more on 2012…
On Defending Against Unintended Consequences
With all the precautions you can take to actively protect sensitive data on your web server, sometimes there are unintended…