Tales From the Road: The Best Defense Against Injection Attacks is to Protect Your Legacy App

How DirectDefense accessed sensitive financial and personal data through injection vulnerabilities The best defense against injection attacks is to secure legacy applications by leveraging an app security assessment. Got a legacy app? Then listen up: Legacy applications can be particularly susceptible to injection attacks and organizations should take immediate action to remediate this vulnerability before… Read more »

Tales From the Road: How DirectDefense Got a Free, Round Trip Ticket to an Airline’s Internal Network During a Physical Pen Test

Using Simulated Security Attacks to Test Network and Physical Vulnerabilities DirectDefense was asked by an airline to conduct security testing through simulated security attacks to help identify vulnerabilities that could put the airline’s data and operations at risk. As part of the engagement, DirectDefense: Spoiler Alert: Through effective tactics, like tailgating, we were able to… Read more »

A New Content Agnostic Solution for Fake News Detection

Exploring Fake News Detection as a Service Automated or machine-learning solutions for fake news detection are both necessary and challenging in the fight against misinformation. This post explores the first automatic, content-agnostic approach to fake news detection, FNDaaS, which considers both new and unstudied website features. The Challenges of Fake News Detection Using Current Methods… Read more »

Assessing Memory Safety in Programming Languages Like Rust and Go

Can These Languages Eliminate Memory-Handling Vulnerabilities for Programmers? Much has been made recently of the memory safety provided by programming languages like Rust and Go. These languages have been designed to eliminate some of the language weaknesses that make it so easy for C and C++ programmers to write vulnerable software. These memory-safe languages are… Read more »

Cryptography Use Cases: The Prevalence of False Positives and Severities

What We Can Learn From an Examination of the Misapplication of Cryptography In this post, I present my thoughts and learnings from a research paper focused on cryptography use cases demonstrating misapplication. The authors undertook a study building on some previous work by other authors, going further to study the prevalence of false positives in… Read more »

Is There Data Snooping in the Electronics Repair Services Industry?

Apex Labs Dissects a 4-Part Study on Privacy and Security Issues in Electronics Repair Is there data snooping by electronics technicians when we bring our devices in for repair? The researchers in this paper claim to have conducted the first-ever comprehensive study to understand the state of privacy in the electronics repair services industry. While… Read more »