Successful mitigation of today’s security threats requires an approach that is both on the offensive and on the defensive. Here, we give our take on how to approach and handle specific security challenges, as well as our reaction to some of the latest industry topics.
03.23.21You may recall that last year we were able to compromise a major corporate network during a physical penetration test by gaining access to the building under the guise of someone interviewing for a landscaping job. Once inside – due to a lack of network segmentation and other controls – we were able to access… Read more »
02.16.21How We Put One Client’s Web App Security to the Ultimate Test Did you know that web applications have become the #1 target for the exploitation of vulnerabilities? Check out these alarming stats: Researchers found around 70 types of weaknesses in web applications. (Source: PT Security) 46% of web applications have critical vulnerabilities. (Acunetix’s report… Read more »
02.09.21If you don’t want to issue the dreaded boil-water advisory then make sure your wireless network is hacker- proof. How our team was able to drive up to a municipal water utility, join the wireless SCADA network and gain the access needed to do some major damage to the water supply – all in 10… Read more »
01.12.21Keep Your Organization Safe Around the Clock with a Cyber Security Operations Center from an MSSP Here’s a projection that’s hard to ignore: the cost of cybercrime is expected to exceed $8 billion by 2022. The reality of that amount of financial fallout from cyber attacks is staggering. Driving up the cost of cybercrime is… Read more »
Part 1: Get Inside the Heads of the DirectDefense Team as We Launched an Attack on a Client’s System to Bypass Passwords and Gain Access to “Protected” Critical Data This post is the first in a 2-part series addressing the need for strong passwords across all industries to adequately protect important company and user data.… Read more »
Part 2: Get Rid of Weak Passwords like Winter2020 and Password1 – Our Attack into One Company’s Database Highlights the Risk of Poor Passwords This post is the second in our 2-part series addressing the need for strong passwords across all industries to adequately protect critical information. In a recent client engagement, we set out… Read more »
12.16.20Assessing the Cost of Security Vulnerabilities During a Pandemic Year As everyone is aware, the pandemic of 2020 made conducting business, even at a basic level, challenging. Organizations were faced with managing their existing security vulnerabilities, in addition to adapting their information security to the “new normal”. In March, companies across the U.S. completed a… Read more »
The Complexities Created by Using JavaScript Object Notation to Transfer Data Among the web application vulnerability tests that we perform at DirectDefense is an application security assessment for CSRF. CSRF, or Cross-Site Request Forgery, is an attack that takes advantage of the predictability of requests and browsers’ automatic submission of session cookies to perform unintended… Read more »
The necessity of the validation and sanitation of URLs for client-side work. As an application pentester, my life is relatively free of conflict. I lack the on-court physical conflict of a professional athlete battling her hated rivals, taunting them on various social media accounts, keeping up her stats, negotiating ever larger contracts with the team… Read more »
Overwhelmed by Azure Security Center? We can help. Azure Security Center can help identify and remediate vulnerabilities on your cloud resources that might go unnoticed. Security Center provides a unified security management system that can provide security insights, detect vulnerabilities and best practice deficiencies, as well as protect against threats. But as your environment grows,… Read more »
