Asset Discovery

The first step in securing any organization is to understand what you have. Unless you have a strong understanding of the systems and services on your network, you have no hope of keeping it both secure and usable. You could implement extremely strong controls to lock down everything, but then ...
ShowMeCon 2018 Track 3 00 Whos Watching the Watchers Nathan Sweaney

10 Tips for Engaging a Security Services Vendor

The Information Security market brought in an estimated $167 billion in 2019 and that’s expected to double in the next 4-5 years according to some estimates. With that huge growth comes an avalanche of security companies promising to fix all of your cyber worries. Some of them offer amazing services ...
How to Test Your Security Controls for Small/Medium Businesses

Category: Penetration Testing
We often get contacted by small businesses requesting their first penetration test because of compliance reasons, or because of “industry best practices,” or just to get an idea of how bad things really are. In many of those cases, their environment isn’t nearly mature enough to make a pentest worthwhile ...

Compliance is not Security

Many folks get confused about the difference between security and compliance. Many, especially those less technically inclined, assume that fulfilling compliance obligations sufficiently addresses security. Unfortunately, that’s not true, as demonstrated by the continuing rise of security breaches each year. In this post, I’ll briefly explain the difference between security ...
Silencing Firefox’s Chattiness for Web App Testing

Category: Penetration Testing
Firefox is one chatty browser! Even if you don’t actually use it for anything, it’s constantly making requests out to the internet for things like updates, checking network status, and sending telemetry data back to Mozilla. When using Firefox for web app testing, I’ve often noticed the constant stream of ...
Checking Under the Bed

Category: Uncategorized
I’ve got four kids and part of their chores involve cleaning up their bedrooms. Inevitably, their understanding of “clean enough” never quite matches our expectations. Now I could just live with the fact that there will always be a huge mess under their beds, but that doesn’t serve the point ...
These Aren’t the Password Guidelines You’re Looking For

“You don’t need to see his identification.” It’s a classic line. With a flick of the wrist old Ben Kenobi deftly bypasses the identity & access management system of the poor Stormtroopers just doing their job. One would think, in that technological era, so long ago, that more advanced (and ...