Archive for ITSM

Day 13: ITSM Vulnerability Assessment techniques

Lesson 13: Just this week, in lessons 12 and 13, we’ve covered — at least partially — how to significantly reduce risk and vulnerability to system and network infrastructure.  We touched on protecting applications, but we weren’t able to go into specific detail about how to handle the path of execution to the attacks, only […]

Day 12: ITSM Vulnerability Assessment techniques

Lesson 12: Yesterday, I shamelessly recommended ditching all commercial networking gear. In the same breath, I also made several Cisco configuration recommendations. This is just the way that I work. The idea is that network appliances increase risk, but at the same time — they also allow you to connect to […]

Day 11: ITSM Vulnerability Assessment techniques

Lesson 11: Welcome back! I know that the last few weeks have been a lull, and even before ShmooCon there wasn’t a lot going on at our security blog. However, you’re in for a real treat since I’m back with the daily ITSM Vulnerability Assessment techniques!
It’s no longer Spring break (well it is Spring […]

Day 10: ITSM Vulnerability Assessment techniques

Lesson 10: You could say I’m a little late on posting something. However, we’ve been up to a lot of great research, hopefully much of which we’ll publish here over the next few weeks.
We had a few posts lately, some with a change of heart. The latest must-read from the blog world […]

Day 9: ITSM Vulnerability Assessment techniques

Lesson 9: Yesterday was a bit of a whirlwind, discussing BGP, Whois/RWhois, and the DOM all in one big post. I’ll try and keep it short and sweet today.
Arshan Dabirsiaghi (leader of the OWASP Anti-Samy Project) commented on yesterday’s post regarding how web application security scanners are immature. He thinks they are immature because of […]