Pen testers often need to stage payloads and other tools on servers outside of their own infrastructure. In this post I’ll show you how to use the Amazon AWS command line interface (CLI) to dynamically create and manage S3 buckets that you can use in your own pen tests. I’ll also show you how to […]
Posts Tagged ‘security’
Ransomware Attack Affects 23 Texas Local Government Agencies
In what appears to be a highly coordinated attack by a single actor, 23 local government agencies in the state of Texas were hit with ransomware. This extends the recent trend of attacks on local government entities, some of which have led to the attackers being paid millions of dollars via crypto-currency. A first line of […]
Security and Compliance in Microsoft Teams
Whether your company has 10 people or 10,000 people, security measures need to be in place to ensure a safe, secure, and compliant environment for your end users. Many companies will often be required to adhere to certain security regulations and compliance standards, but rest assured, Microsoft has your back. Microsoft understands this need for […]
Microsoft Intelligent Security Solutions
Part 1 – Microsoft Secure Score: 56 Security Actions You Can Take Today to Improve Your Security Posture. Microsoft has been investing substantially in security and compliance since 2004, and today that investment protects all Microsoft products, but none more so than Office 365 and Azure. One shining culmination of that investment is Microsoft Secure […]
Boost Cloud Security in Offshore Software Development Projects
The cloud has changed the business landscape by enabling collaboration on a completely new level, which has resulted in massive leaps in creativity and innovation. Companies can now build teams of highly qualified professionals without worrying about geographical limitations. Organizations no longer need to invest heavily in IT hardware, which implicitly leads to a reduction […]
Automated Security Testing Best Practices
Implementing automated security testing throughout the development lifecycle is critical to avoid major problems further down the line. However, when resorting to IT outsourcing, some organizations treat deliverables as separate from their normal pipeline, leading to lax security testing. The problem becomes even more complicated for those organizations that do all their security testing once […]
Azure Active Directory Setup with Multi-Factor Authentication
I was recently asked to set up an eCommerce Windows site environment that can be managed from a centralized location and comply with the Payment Card Industry Data Security Standard (PCI DSS). Active Directory is the solution from where Windows servers can be controlled and managed using Domain Users and Group Policies. However, an additional layer […]
How Reliable is Automated Security Testing?
As the Internet of Things expands, software is being embedded in all manner of physical objects. This is boosting the demand for security testing, with automated processes integral to the development pipeline. But not all approaches are created equal. In order for DevSecOps practices to be properly integrated into a product lifecycle, with the right tests […]
The State of DevSecOps in 2019
In recent years there has been significant progress integrating security into software development lifecycles. However, software security is necessarily dynamic and evolving, which inevitably results in some fallbacks, too. The good news is that, as with any challenge, there are some positive lessons that can give us foresight into where DevSecOps is heading in 2019. […]
Healthcare Cloud Usage Grows Despite Doubts
The healthcare industry is leaning upon cloud more heavily, but there is still mistrust regarding its security, according to research presented at HIMSS 2019. The insights, shared by HIMSS Media’s Janet King at the conference, show contradictions around cloud in the industry. Security worries persist despite cloud usage growing. Here are the five key takeaways […]
5 Tips for Managing IP and Security Protections When Outsourcing
Information security and IP protections are more important than ever, considering the resounding impacts of the latest security breaches and the numerous points of vulnerability. In 2018 alone, Facebook, Uber, Google+, T-Mobile, and FIFA all experienced security breaches with each breach affecting, at a minimum, millions of users and costing millions of dollars. In fact, […]
Mastering AEM Dispatcher Part 7: Securing the Dispatcher
We’re locking down the AEM Dispatcher as we continue in the series, Mastering the AEM Dispatcher. In this post, we’ll discuss gotchas with Sling Servlets and the AEM Dispatcher and a tool to scan your Dispatcher for common security issues. The AEM Dispatcher is not just a caching engine and load balancer is the first […]