Optiv Blog

Maturing IR Capabilities into an Incident Management Program – Part 3 of 3

By Jenn Black

Incident response has become one of the most critical aspects of any overall security strategy, but a solid incident response program (IRP) is something many organizations – both large and small – either lack entirely or don’t take seriously enough.


Secure SDLC Lessons Learned: #5 Personnel

By Shawn Asmus

It’s no secret that finding and retaining dependable, well-trained application security professionals is a serious challenge, and has been for years. Part of the problem is that the breadth and depth of AppSec knowledge is rather astronomical; one could argue that it’s exponentially wider than network security and grows at a much faster rate. Based on what I’ve seen, teams tend to be perpetually short-staffed and undertrained.


Secure SDLC Lessons Learned: #4 Metrics

By Shawn Asmus

As the secure SDLC program matures, vulnerabilities should be caught and remediated earlier in the lifecycle. To know if the program is truly working, organizations must capture metrics. The specific metrics chosen should support and align with the organization’s business objectives and risk management program.


Maturing IR Capabilities into an Incident Management Program – Part 2 of 3

By Jenn Black, Jeff Wichman, Case Barnes, Erik Schmidt, Curtis Fechner

The capability to respond effectively to cyber incidents is one of the most critical components of an enterprise security program. However, many companies still lack a solid incident response program (IRP) entirely or don’t take incident response planning seriously enough.


Secure SDLC Lessons Learned: #3 Knowledge Management

By Shawn Asmus

The term “knowledge management” (KM) refers to using vulnerability mining to turn remediation into lessons learned. Essentially this involves taking knowledge from security remediation activities and placing it within a KM repository that developers, architects and other stakeholders can access. By sharing remediation information across teams, an organization can remove or reduce intelligence silos that contribute to recurring and familiar software bugs.


Secure SDLC Lessons Learned: #2 Assessment Toolchain

By Shawn Asmus

Most organizations would agree that maintaining a fast, predictable flow of planned work (e.g. projects, scheduled changes) that achieves business goals while minimizing the impact of unplanned work (e.g. bug fixes, outages) is the ultimate IT goal. Security assessment activities should be part of planned work, and to accomplish that, the right tools must be selected.


Secure SDLC Lessons Learned: #1 Application Catalog

By Shawn Asmus

Building an application catalog is a critical step towards maintaining governance over a secure SDLC program. The primary purposes of the catalog are to provide teams information on which technologies are in place in the enterprise (Java, .Net, third-party libraries, platforms) and criteria for identifying which applications are mission critical and/or high risk.


From Low to p0wn (Part 3 of 3)

By Doug Rogahn

In the final installment, we again look at an instance of vulnerability stacking; this time, however, we focus on account management. I have seen the set of issues I will discuss in this post all reported as low severity. I have also seen instances where the severity has been increased because the vulnerabilities associated with an application could be combined to perform a more advanced attack.


From Low to p0wn (Part 2 of 3)

By Doug Rogahn

In this scenario, we focus on session management. The most common session management mechanism is a session cookie, and we commonly see session cookies set without the Secure flag. Issues like weak SSL encryption ciphers, the presence of an invalid SSL certificate or a missing HTTP Strict Transport Security (HSTS) header weaken the security posture of the application and increase the likelihood of an attacker being able to intercept and view the application’s communications.


From Low to p0wn (Part 1 of 3)

By Doug Rogahn

There is a growing trend in the information security and risk management world of ignoring low severity findings from security testing. Perhaps it stems from PCI allowing organizations to pass audits with outstanding, low severity vulnerabilities. Perhaps it is a result of the volume of findings needing remediation coupled with insufficient resources. Whatever the cause, the result is low severity findings being deprioritized and forgotten.
