Blog

Vulnerability Management Program Best Practices – Part 3
Blog

Vulnerability Management Program Best Practices – Part 3

By Editorial Staff on Thu, 01/28/2016
This is the conclusion to a three-part series of building a successful vulnerability management program. The first installment focused on Stage One, the vulnerability scanning progress. Without a foundation of people and process, the remaining stages are prone to failure. The second installment focused on Stage Two and Three, using a vulnerability...
Vulnerability & Risk Management
Vulnerability Management Program Best Practices – Part 2
Blog

Vulnerability Management Program Best Practices – Part 2

By Editorial Staff on Sun, 01/17/2016
Recently, I introduced a three-part series on how to build a successful vulnerability management program. The first installment examined Stage 1, the vulnerability scanning process. My next article investigates Stages 2 (asset discovery and inventory) and 3 (vulnerability detection), which occur primarily using the organization’s technology of choice...
Vulnerability & Risk Management
Vulnerability Management Program Best Practices – Part 1
Blog

Vulnerability Management Program Best Practices – Part 1

By Editorial Staff on Sun, 01/10/2016
An enterprise vulnerability management program can reach its full potential when it is built on well-established foundational goals that address the information needs of all stakeholders, its output is tied back to the goals of the enterprise, and there is a reduction in the overall risk of the organization. Such vulnerability management technology can...
Vulnerability & Risk Management
Blog

Vulnerability Management: Just Turn It Off! Part III

Mon, 08/18/2014
Four unnecessary risks that often appear in even the most secure networks, and step-by-step instructions on how to immediately address these considerable risks that can be hurting the security of our environment.
Vulnerability & Risk Management
Blog

Vulnerability Management: Just Turn It Off! Part II

Wed, 08/06/2014
Our last post in the “Turn It Off!” blog series discussed some of the most common and yet unnecessary features that can make your environment more vulnerable, including JBoss JMX consoles, server banners and the Apache HTExploit. These risks are often encountered by our Vulnerability and Exposure Research Team (VERT), even on well-defended networks and many of which have been around for quite...
Vulnerability & Risk Management
Blog

Friends Don’t Let Friends Mix XSS and CSRF

By Craig Young on Sun, 02/16/2014
In preparation for my upcoming talk at BSides SF about finding vulnerabilities, I would like to share today some insights regarding two common types of vulnerabilities which leverage web browser in two unique ways. The goal of these vulnerabilities is quite different however. One is used to run untrusted code while the other is used to hijack authentication. The combined effect of these issues...
Vulnerability & Risk Management
Blog

Penetration Testing with Smartphones Part 1

Fri, 11/30/2012
When most people think of penetration testing, they think of a simulated external attack where the tester tries to break into a network remotely. Companies focus most of the security spending and policies on keeping hackers out remotely, from firewalls and other security hardening appliances, software and tools. However, given the proliferation of mobile devices in the workplace and use of Wi-Fi...
Vulnerability & Risk Management