Is Your Application Sending Email as Securely as Possible?
Many web applications use email as a mechanism for user verification, password resets, real-time notifications and much more. Security testers and threat modelers warn application designers to minimize this use, because the confidentiality of SMTP email is not guaranteed. Business needs often override these warnings, and applications do send, and sometimes receive, sensitive data through email. How can application testers verify that this is being done as securely as possible? Most application testing tools and training are oriented toward the web front end; few tools directly test the security of a back-end email server.

While SMTP dates from 1982, Internet email has had many enhancements and upgrades since then. Since the addition of TLS encryption to SMTP itself around 1999, a long series of add-on specifications has been put forward, each dealing with a specific aspect of email delivery. These include Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), Domain-based Message Authentication, Reporting and Conformance (DMARC), SMTP MTA Strict Transport Security (MTA-STS), SMTP TLS Reporting (TLS-RPT) and several more. These standards allow an email server to mitigate many types of threats. Most of them are very familiar to commercial email vendors and IT professionals but may have escaped the notice of application testers and penetration testers.

This presentation will explain how these standards fit into the application security world and which threats to the application they mitigate. It will show how application security testers can verify that these standards are configured and being used properly in a given application environment. Some free web-based tools and techniques will be demonstrated for testing some of these, along with more robust testing methods using Burp Collaborator and other tools.
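As an added example, not part of the presentation or of Optiv's material, the following Python script applies the kind of checks a tester runs against a target domain's SPF, DMARC, MTA-STS and TLS-RPT records. It assumes the records have already been fetched with a DNS client such as dig (the names to query are built by record_names()) and that the MTA-STS policy file has been retrieved over HTTPS; the sample records for the fictitious domain example.com are constructed here, not real DNS data. Record locations and tag syntax follow RFC 7208 (SPF), RFC 7489 (DMARC), RFC 8461 (MTA-STS) and RFC 8460 (TLS-RPT). The weak settings it flags are the ones that matter in an application review: an SPF record whose all mechanism does not fail unlisted senders or that exceeds the ten-lookup limit, a DMARC policy of none or one applied to only a percentage of mail, a missing or testing-mode MTA-STS policy, and no TLS-RPT destination.

```python
"""Audit the DNS records that govern who may send mail as a domain and how it travels.
Records arrive already fetched (live: `dig +short TXT <name>` per record_names() entry);
the MTA-STS policy body comes from https://mta-sts.<domain>/.well-known/mta-sts.txt."""
from __future__ import annotations

# Where each record lives: RFC 7208 (SPF), 7489 (DMARC), 8461 (MTA-STS), 8460 (TLS-RPT).
RECORD_NAMES = {"spf": "{d}", "dmarc": "_dmarc.{d}",
                "mta-sts": "_mta-sts.{d}", "tls-rpt": "_smtp._tls.{d}"}

def record_names(domain: str) -> dict[str, str]:
    return {k: v.format(d=domain) for k, v in RECORD_NAMES.items()}

def parse_tags(record: str) -> dict[str, str]:
    """Split a 'k=v; k=v' record (DMARC, MTA-STS TXT, TLS-RPT) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    return tags

def check_spf(record: str | None) -> list[str]:
    if not record:
        return ["SPF: no record; any host may send as this domain"]
    terms = [t.lower() for t in record.split()]
    findings = []
    # The 'all' mechanism decides the fate of senders not matched by an earlier term.
    all_term = next((t for t in terms if t.lstrip("+-~?") == "all"), None)
    if all_term is None:
        findings.append("SPF: no 'all' term; unlisted senders get a neutral result")
    elif all_term in ("all", "+all", "?all"):
        findings.append(f"SPF: '{all_term}' does not fail unlisted senders; use -all")
    elif all_term == "~all":
        findings.append("SPF: '~all' softfail; enforcement depends on DMARC")
    # RFC 7208 caps DNS-querying terms at 10; beyond that SPF evaluates to permerror.
    names = (t.lstrip("+-~?").split(":")[0].split("=")[0] for t in terms)
    if sum(n in ("include", "a", "mx", "ptr", "exists", "redirect") for n in names) > 10:
        findings.append("SPF: more than 10 DNS-lookup terms (permerror)")
    return findings

def check_dmarc(record: str | None) -> list[str]:
    if not record:
        return ["DMARC: no record; SPF/DKIM failures are neither enforced nor reported"]
    tags = parse_tags(record)
    findings = []
    if tags.get("p") not in ("quarantine", "reject"):
        findings.append(f"DMARC: p={tags.get('p')}; spoofed mail is still delivered")
    if tags.get("pct", "100") != "100":  # policy applied to only a sample of failing mail
        findings.append(f"DMARC: pct={tags['pct']} applies the policy to a sample only")
    if "rua" not in tags:
        findings.append("DMARC: no rua address, so no aggregate reports")
    return findings

def check_mta_sts(record: str | None, policy: str | None) -> list[str]:
    """`policy` is the body of the HTTPS-served policy file, None if it is not served."""
    if not record:
        return ["MTA-STS: no record; delivery to this domain can be downgraded to cleartext"]
    findings = []
    tags = parse_tags(record)
    if tags.get("v") != "STSv1" or "id" not in tags:
        findings.append("MTA-STS: TXT record needs v=STSv1 and an id tag")
    if policy is None:
        return findings + ["MTA-STS: policy file not served over HTTPS; record has no effect"]
    pol = {}
    for line in policy.splitlines():  # "key: value" lines; mx may repeat (RFC 8461)
        if ":" in line:
            k, v = line.split(":", 1)
            pol.setdefault(k.strip(), []).append(v.strip())
    mode = pol.get("mode", ["none"])[0]
    if mode != "enforce":
        findings.append(f"MTA-STS: mode={mode}; TLS failures are reported, not blocked")
    return findings

def check_tls_rpt(record: str | None) -> list[str]:
    if not record:
        return ["TLS-RPT: no record; TLS failures on delivery to this domain go unreported"]
    tags = parse_tags(record)
    if tags.get("v") != "TLSRPTv1" or not tags.get("rua"):
        return ["TLS-RPT: record needs v=TLSRPTv1 and a rua destination"]
    return []

def audit(records: dict[str, str | None]) -> list[str]:
    """Run every check; an empty list means nothing weak was found."""
    return (check_spf(records.get("spf")) + check_dmarc(records.get("dmarc"))
            + check_mta_sts(records.get("mta-sts"), records.get("mta-sts-policy"))
            + check_tls_rpt(records.get("tls-rpt")))

# Constructed sample records for a fictitious domain; not real DNS data.
WEAK = {"spf": "v=spf1 include:_spf.example.net ?all",
        "dmarc": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
        "mta-sts": None, "mta-sts-policy": None, "tls-rpt": None}
HARDENED = {"spf": "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all",
            "dmarc": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
            "mta-sts": "v=STSv1; id=20200611T000000Z",
            "mta-sts-policy": "version: STSv1\nmode: enforce\nmx: mail.example.com\nmax_age: 604800\n",
            "tls-rpt": "v=TLSRPTv1; rua=mailto:tlsrpt@example.com"}

if __name__ == "__main__":
    for label, recs in (("weak", WEAK), ("hardened", HARDENED)):
        print(f"{label}: {audit(recs) or ['no findings']}")
```

DKIM is deliberately left out of the script because its public key lives at a selector-specific name (<selector>._domainkey.<domain>) that DNS alone does not reveal; in a test the selector comes from the s= tag of the DKIM-Signature header on a message the application sends to a mailbox the tester controls, which is where a capture tool such as Burp Collaborator fits into the workflow.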
June 11, 2020
Optiv’s Source Zero is a new technical cybersecurity thought leadership resource.