Optiv Blog

Bypassing CSRF Tokens via XSS

By Scott Johnson, Tim MalcomVetter

Many web development platforms provide libraries that handle the creation and validation of tokens with each HTTP request to prevent Cross-Site Request Forgery (CSRF). Those libraries are very useful and should definitely be part of any web application. However, the anti-CSRF tokens can still be bypassed under certain conditions.

Don’t Chase the Latest “Shiny Object” Technology

By Brian Wrozek

When enterprises face security challenges, we too often see them respond by purchasing more point technologies. The lure of the latest “buy it, deploy it, forget it” vendor offer may seem like an easy fix, but more spending on fragmented solutions has not reduced cybercrime incidents. On the contrary, incidents continue to accelerate in frequency. Why can’t we get ahead of the curve?

Breaking Credit Card Tokenization – Part 1

By Tim MalcomVetter

This is the first in a series of blog posts on the topic of breaking credit card tokenization systems and is the written version of several conference presentations I have given on this subject. This post will address the core terms and history before digging into one of the attacks we have successfully executed against some of our retail clients’ tokenized payment systems.

A Place at the Table - Part 2

By Kristen Bell

In the first part of this blog series, I explored the shortage of women in IT security and talked about the fact that women have been a part of technology since the beginning. In this post I will discuss how we all can become better mentors to young women interested in technology. I will also share some observations about the qualities women possess and what they can bring to the table to enhance our business.

A Place at the Table - Part 1

By Kristen Bell

Last year, I put together a presentation centered on women in IT security called, "A Place at the Table." The talk explored the reasons why women may not be attracted to our industry and how we can become better mentors to young women interested in technology. Some really compelling conclusions came out of my research and exploration into the topic. Due to the overwhelming interest in the topic, I decided to dive a little deeper into all of this and turn it into a blog series.

Assessing WCF NET.TCP Endpoint Configurations

By Tim MalcomVetter

Several years back, Microsoft shipped Windows Communication Foundation (WCF) as part of its .NET platform. The idea was simple: create a framework that could enable developers to write the code for a service one time only, and allow that code to run in a number of ways (SOAP/XML, REST/JSON, TCP Socket, etc.) via configuration.

Always Use Protection

By Michael Soto

The pace at which security exploits are being discovered on mobile operating systems is skyrocketing. They’re also having a major impact on device security and performance and, in some circumstances, can render your device useless and irreparably damaged. I’ll say it again. Your device can be rendered useless and irreparably damaged.

Security Lessons Learned From the Zombie Apocalypse

By Michael Spencer

I'll admit it, I love anything to do with zombies: films, books, you name it. Be honest, have you ever thought of what you'll do when the zombie apocalypse happens? Of course you have. I know I’ve personally spent hours contemplating the best strategy to increase my chance of survival. Luckily, my knowledge and experience as a security professional have helped me think through the best course of action.

Check Point Kernel Debugging, In-Depth

By John Petrucci

The following is a look into the features and inner workings of debugging the Check Point firewall kernel. This information will prepare you to debug Check Point firewalls more efficiently, allowing you to readily identify relevant troubleshooting data. In the first section, I’ll discuss the different tools that allow you to peek under the hood and understand what’s going on inside the firewall.

Accessible Threat Intelligence

By Derek Arnold

Threat intelligence is a term that has entered our vocabulary as security practitioners over the last couple of years. According to Gartner, threat intelligence “is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice... that can be used to inform decisions regarding the subject's response to that menace or hazard.”

(58 Results)