Author: Bethany Kozal

Tales From the Road: Oops, We Did it Again! Breaking the Bank During a Red Team Assessment

Plus: 10 Tips to Keep Your Organization Out of the Red

A financial institution enlisted our services to perform a Red Team assessment – an effective approach to simulate a real-world threat actor attempting to compromise an organization from the outside in. Using an email phishing campaign combined with a physical breach, DirectDefense consultants uncovered…

Tales From the Road: The Best Defense Against Injection Attacks is to Protect Your Legacy App

How DirectDefense accessed sensitive financial and personal data through injection vulnerabilities

The best defense against injection attacks is to secure legacy applications by leveraging an app security assessment. Got a legacy app? Then listen up: Legacy applications can be particularly susceptible to injection attacks and organizations should take immediate action to remediate this vulnerability before…

Tales From the Road: How DirectDefense Got a Free, Round Trip Ticket to an Airline’s Internal Network During a Physical Pen Test

Using Simulated Security Attacks to Test Network and Physical Vulnerabilities

DirectDefense was asked by an airline to conduct security testing through simulated security attacks to help identify vulnerabilities that could put the airline’s data and operations at risk. As part of the engagement, DirectDefense:

Spoiler Alert: Through effective tactics, like tailgating, we were able to…

Apex Labs – DirectDefense’s Greg Leonard to Instruct SANS Institute Secure DevOps Course

Students will learn the fundamentals of DevOps and how DevOps teams can build and deliver secure software.

In a time when the drive for technology efficiencies has left security in the dust, organizations focused on developing code are now starting to realize the true importance of what secure DevOps means. DevOps security or DevSecOps is…

Tales from the Road: The Anatomy of Password Attacks

It’s time to rethink your password policy to prevent modern password attacks.

If you think your company’s policy of requiring passwords to have a minimum length of eight characters, in addition to other complexity requirements, is sufficient to effectively prevent modern password attacks, think again. Our client, a global corporation with business units in more…