Archive for January, 2008

Day 5: ITSM Vulnerability Assessment techniques

Lesson 5: After the first week, many of these assessment techniques don’t fit together or seem congruent. By the middle of next week, I think a lot of these pieces will start to come together to form a big picture. The recommendations I’ve given so far are not things I’ve seen or heard from the community […]

SunSec Trip Report

Last night Rich Mogull of Securosis, co-host of the Network Security Podcast, hosted SunSec (which was on hiatus for far too long) at the Furio in Scottsdale. It was a great turnout last night — about twenty people showed up and talked up all kinds of storms for several hours.
Dre and I talked with […]

Day 4: ITSM Vulnerability Assessment techniques

Lesson 4: We’ve touched on some of the critical-path ways to assess and protect your infrastructure including network segmentation and OS/application sandboxing. Often, the weakest area of technology is what you can’t segment or sandbox effectively, which today is why we will be covering web applications.
Part 1: Information assurance vulnerability assessment — Web applications
With […]

Day 3: ITSM Vulnerability Assessment techniques

Lesson 3: After the first few days, we’ve covered securing WiFi, as well as basic software assurance tools to get you started with a web browser and crawler. This is just the beginning.
Part 1: Information assurance vulnerability assessment — Sandboxing insecure defaults and unnecessary services
Sandboxing is often referred to by many things, such as […]

Day 2: ITSM Vulnerability Assessment techniques

Lesson 2: We hope that you are enjoying the format of these, as well as the content. Yesterday, I talked about how rogue APs/clients can be scanned for without adding infrastructure or spending active time walking around the office. I also introduced software assurance tools, including most of the popular and best browser-based […]