Optiv Blog

PCI DSS and the Network Diagram

By John Clark

This post is designed to give a high-level overview of what should be included in a network diagram and how to incorporate simple data flow indicators to help address the all-important question of what the scope of your PCI DSS assessment is.


The Times They Are A-Changin'

By Accuvant LABS R&D Team

We at Accuvant LABS have been overwhelmed by the positive feedback we’ve received for our research paper “Browser Security Comparison – A Quantitative Approach”.  By now many have had a chance to sit down with the paper and understand the materials, as evidenced by the sheer amount of feedback we’ve received. 


Inherent and Residual Risk: How Both Scores Drive Enterprise Risk Decisions


A commonly accepted definition of risk is: “The likelihood that a threat (or a threat agent) will exploit a given vulnerability, multiplied by the business impact of that exploit.” In information security, threats are typically broken down into the three categories of natural, facility or human, and the impacts are assessed against the confidentiality, integrity and availability of information assets.


Measure Twice, Cut Once

By Accuvant LABS R&D Team

Shortly, Accuvant LABS will be releasing some research findings on web browser security.  Instead of relying solely on statistical data regarding vulnerabilities, we took the approach of analyzing and comparing the implementation of anti-exploitation technologies.  We reasoned that this approach would provide the best comparison of the relative security of different browsers. 


Mozilla Firefox, Google Chrome or Microsoft Internet Explorer - Which Web Browser is Most Secured?

By Accuvant LABS R&D Team

Accuvant LABS has just released some new research that compares the security of three of the most widely used web browsers – Mozilla Firefox, Google Chrome, and Microsoft Internet Explorer. Google commissioned Accuvant to perform this comprehensive and independently designed security analysis to help advance the discussion of best practices in the security community.  Our research


Crack the Case Before You Open It

By Benjamin Stephan

Conventional forensics has long had a consistent approach to investigations: grab the data from the infected machines, load it into an analysis tool, and start digging until you find something or exhaust all avenues of possibility.


Security Assessment Pitfalls: Avoid the Trap

By Todd Salmon

FishNet Security's Assessment Team has delivered on thousands of projects involving Vulnerability Assessments, Penetration Tests, Wireless Security Assessments and Social Engineering. During these engagements, we frequently observe a number of recurring themes with regard to common findings and vulnerabilities.


Path of Least Resistance

By Tim Medin

I do a good number of internal penetration tests, and I have found one particular series of techniques that tend to be very quick and efficient at gaining Domain Administrator-level access. Of course, the viability of this depends on the environment and the configurations, and since this technique depends on default configurations, it is usually very effective because defaults aren't usually changed.


Securing Network Architecture - Part 2

By Arif Faiz

The methodology of securing any network architecture should include, but not be limited to, the network topology, security assets, device features and security device configurations. Security technology policies for remote access, network segmentation, server protection, and authentication and firewall design should also be evaluated.


Securing Network Architecture - Part 1

By Arif Faiz

Today, securing a network cannot be fully accomplished with just a product or a solution. Rather, an in-depth holistic approach is required to protect business critical systems. In order to protect critical business services and assets, organizations need to be confident that their network security architecture is providing a strong and comprehensive defense.
