Optiv Blog

PCI DSS and the Network Diagram

· By John Clark ·

This post is designed to give a high level overview of what should be included in a network diagram and how to incorporate simple data flow indicators to help address the all important question of what is the scope of your PCI DSS assessment.

Continue reading

The Times They Are A-Changin'

· By Accuvant LABS R&D Team ·

We at Accuvant LABS have been overwhelmed by the positive feedback we’ve received for our research paper “Browser Security Comparison – A Quantitative Approach”.  By now many have had a chance to sit down with the paper and understand the materials, as evidenced by the sheer amount of feedback we’ve received. 

Continue reading

Inherent and Residual Risk: How Both Scores Drive Enterprise Risk Decisions

·

A commonly accepted definition of risk is: “The likelihood that a threat (or a threat agent) will exploit a given vulnerability, multiplied by the business impact of that exploit.” In information security, threats are typically broken down into the three categories of natural, facility or human, and the impacts are assessed against the confidentiality, integrity and availability of information assets.

Continue reading

Measure Twice, Cut Once

· By Accuvant LABS R&D Team ·

Shortly, Accuvant LABS will be releasing some research findings on web browser security.  Instead of relying solely on statistical data regarding vulnerabilities, we took the approach of analyzing and comparing the implementation of anti-exploitation technologies.  We reasoned that this approach would provide the best comparison of the relative security of different browsers. 

Continue reading

Mozilla Firefox, Google Chrome or Microsoft Internet Explorer - Which Web Browser is Most Secured?

· By Accuvant LABS R&D Team ·

Accuvant LABS has just released some new research that compares the security of three of the most widely used web browsers – Mozilla Firefox, Google Chrome, and Microsoft Internet Explorer. Google commissioned Accuvant to perform this comprehensive and independently designed security analysis to help advance the discussion of best practices in the security community.  Our research

Continue reading

Crack the Case Before You Open It

· By Benjamin Stephan ·

Conventional forensics has long since had a consistent approach to investigations: grab the data from the infected machines, load it into an analysis tool, start digging until you can find something or exhaust all avenues of possibility.

Continue reading

Security Assessment Pitfalls: Avoid the Trap

· By Todd Salmon ·

FishNet Securitys Assessment Team has delivered on thousands of projects involving Vulnerability Assessments, Penetration Tests, Wireless Security Assessments and Social Engineering. During these engagements, we frequently observe a number of recurring themes in regards to common findings and vulnerabilities.

Continue reading

Path of Least Resistance

· By Tim Medin ·

I do a good number of internal penetration tests, and I have found one particular series of techniques that tend to be very quick and efficient at gaining Domain Administrator-level access. Of course, the viability of this depends on the environment and the configurations, and since this technique depends on default configurations, it is usually very effective because defaults aren't usually changed.

Continue reading

Securing Network Architecture - Part 2

· By Arif Faiz ·

The methodology of securing any network architecture should include, but not be limited to, the network topology, security assets, device features and security device configurations. Security technology policies for remote access, network segmentation, server protection, and authentication and firewall design should also be evaluated.

Continue reading

Securing Network Architecture - Part 1

· By Arif Faiz ·

Today, securing a network cannot be fully accomplished with just a product or a solution. Rather, an in-depth holistic approach is required to protect business critical systems. In order to protect critical business services and assets, organizations need to be confident that their network security architecture is providing a strong and comprehensive defense.

Continue reading
(24 Results)