Successful mitigation of today’s security threats requires an approach that is both on the offensive and on the defensive. Here, we give our take on how to approach and handle specific security challenges, as well as our reaction to some of the latest industry topics.
11.14.16With today’s announcement of the FriendFinder Network website hack and the announcement that over 412 Million passwords were cracked, there is and will be a lot of discussion about the need for better protection of passwords at rest. While this is true, we caution that one of the most common issues that get lost in this discussion… Read more »
11.14.16So, as we come to the end of 2016, it is time to start looking ahead to the security challenges our customers will face in 2017. 2016 was full of security events from the hacking successes that made the news during the election year, to the deluge of ransomware that everyone is facing, to the… Read more »
10.10.16Can you believe it’s already October? We have to wait until the 31st to celebrate Halloween, but October 1st kicked off “National Cybersecurity Awareness Month (NCSAM)”. National Cybersecurity Alliance, in partnership with the Department of Homeland Security, runs this annual campaign in an effort to “engage and educate public and private sector partners through events… Read more »
05.27.16PCI Scope reduction is a great way to make PCI compliance simpler and to reduce risk. PCI Scope reduction reduces the attack surface area and the number of systems that must be maintained to the PCI standards…. “Less is more.” This blog post discusses web page redirects, which are an excellent method to get many… Read more »
04.25.16As penetration testers, through the years, we have learned one indisputable fact: There is no such thing as a 100% secure network. Sure, we have encountered wide variances in the maturity level and effectiveness of information security programs of various organizations, but we have yet to encounter an organization that is impenetrable – not even… Read more »
03.28.16Tokenization techniques are rapidly evolving to address PCI scope reduction efforts and securing cardholder data from breaches. PCI scope reduction is integral in simplifying PCI compliance and reducing risk overall in the environment. Effectively minimizing attack surface area and limiting the number of systems assessed to PCI standards, scope reduction is crucial. The issue of… Read more »
12.26.15It is that time of the year again, when we force ourselves to stop for a moment and reflect on the events and technologies that we have encountered over the past year then adjust our service offerings to better meet the needs of our clients and the information security industry as a whole. In our… Read more »
12.09.13We are almost to the end of another year, and it has been a busy one for us here at DirectDefense. In addition to performing our normal engagements, such as performing network and application penetration tests, we have also enjoyed a lot of positive feedback from our presentation series – Catch me if you Can. During… Read more »
12.02.13From time to time, application developers implement strong security controls. A “strong control” might not capture exactly what we will be talking about today, but it does pose a huge problem for most application scanners. We have all seen a wide usage of one-time tokens in applications (aka nonce values) that are used to deter… Read more »
10.29.13Chances are, your password policy is weak and ineffective at preventing security breaches, but there are ways to quickly fix it.
