Optiv Blog

Testing Web App CAPTCHA controls

· By Mark Maxey · 0 Comments

CAPTCHA ("Completely Automated Public Turing test to tell Computers and Humans Apart") is a type of challenge-response test used by many web applications to ensure that the response is not generated by a computer. CAPTCHA implementations are often vulnerable to various kinds of attacks even if the generated CAPTCHA is unbreakable.

Accuvant Launches Accuvant Labs at BlackHat USA Conference

· By Accuvant LABS R&D Team · 0 Comments

Today, during the 2009 BlackHat conference in Las Vegas, Accuvant officially announced the addition of a research and development division to its security assessment practice, which is now called Accuvant Labs. This is significant for several reasons. First, security research experts Alex Wheeler and Ryan Smith, who were most recently credited with discovering Microsoft’s ActiveX

Creating a Solid Security Program

· By Kirk Greene · 0 Comments

A successful security program is not run like a dictatorship but rather like a partnership, one of the team, all fighting for a common cause. In order to have a successful security program within an organization everyone has to be involved and support it. Over my 10 plus years of security consulting I’ve seen hundreds of

Most Common Internal Vulnerabilities Found

· By Kirk Greene · 0 Comments

You can patch OSes all you want and scan your network with just about any general vulnerability scanner but you've left out one very important step - password policy enforcement beyond just domain accounts. I thought that I'd take a quick moment to answer an ongoing comment/question that always seems to come up at the various

SCTP Linux Kernel Vulnerability Assessment and Reproduction

· By Unknown · 0 Comments

Overview: The blog post here makes statements about a vulnerability in the Linux kernel handling of SCTP data. The primary point of the post is to show how a vulnerability that was once thought to be of a relatively low risk was incorrectly assessed and it can provide a 3rd party remote access to a server using SCTP.

Accuvant speaks at Blackhat Europe

· By Jon Miller · 0 Comments

So the week before last Neel Mehta of Google, Alex Wheeler of TippingPoint, Dave Bonvillain of Accuvant, and myself made our way to Amsterdam to speak at Blackhat Europe. The topic of our talk was 'Cutting thru the Hype: An Analysis of Application Security Testing Methodologies' (Dave's name)... we were going to speak about all

The difference between high speed and low drag application assessments.

· By Accuvant LABS R&D Team · 0 Comments

The difference between a mediocre application assessment and a stellar one is assimilation of information and the ability to apply it to the problem at hand. During an application assessment an individual has a limited amount of time to understand an application, its underlying architecture, the development methodology and compress that into knowledge that can

(7 Results)