Posts Tagged ‘risk assessment’

Application security assessment

How To Use The AWS API With S3 Buckets In Your Pen Test

Pen testers often need to stage payloads and other tools on servers outside of their own infrastructure. In this post I’ll show you how to use the Amazon AWS command line interface (CLI) to dynamically create and manage S3 buckets that you can use in your own pen tests. I’ll also show you how to […]

How To Assess The Risk Level Of A Change To A Regulated System

This is post #4 in a short series about assessing and mitigating risk with regulated software. Over the past few weeks, I’ve discussed the rationale for taking a risk-based approach to this topic, as well as the first couple of steps to take: determining whether a system is regulated and, if so, determining its risk […]

Beyond Compliance – IT Risk Self-assessments

In the financial services practice, compliance audits and vendor security evaluations are the norm for IT and operations. Our customers must meet standards to participate in the industry, to protect their assets, to protect their customers’ personally identifying information, and to meet their regulatory requirements as a business. When IT organizations take part in completing […]