
Tales From the Road: Who’s in the Driver’s Seat of Your Physical Security?
DirectDefense conducted a physical security test at a utility company and had the run of the business – and a Tesla.
Successful mitigation of today’s security threats requires an approach that is both on the offensive and on the defensive. Here, we give our take on how to approach and handle specific security challenges, as well as our reaction to some of the latest industry topics.
It’s time to rethink your password policy to prevent modern password attacks. If you think your company’s policy of requiring passwords to have a minimum length of eight characters, in addition to other complexity requirements, is sufficient to effectively prevent modern password attacks, think again. Our client, a global corporation with business units in more…
How we identified serious vulnerabilities in a client’s web app that would allow bad actors to view confidential information.
How a recent DirectDefense security assessment revealed a common application vulnerability through commandeering access controls.
Take two of our team attempting to conduct a data breach at a company that previously let us in as landscaping job candidates. How’d it go this year?
Our information security and managed security services firm found vulnerabilities in our client’s web application security.
Part 1: Get Inside the Heads of the DirectDefense Team as We Launched an Attack on a Client’s System to Bypass Passwords and Gain Access to “Protected” Critical Data
This post is the first in a 2-part series addressing the need for strong passwords across all industries to adequately protect important company and user data.…
Part 2: Get Rid of Weak Passwords like Winter2020 and Password1
Our Attack into One Company’s Database Highlights the Risk of Poor Passwords
This post is the second in our 2-part series addressing the need for strong passwords across all industries to adequately protect critical information. In a recent client engagement, we set out to…
The Complexities Created by Using JavaScript Object Notation to Transfer Data
At DirectDefense, we perform web application vulnerability tests, including application security assessments for CSRF. CSRF, or Cross-Site Request Forgery, is an attack that takes advantage of the predictability of requests and browsers’ automatic submission of session cookies to perform unintended actions on a victim’s…
In this post about pentesting user session vulnerabilities, we discuss the necessity of the validation and sanitization of URLs.