Optiv Blog

Bypassing CSRF Tokens via XSS

By Scott Johnson, Tim MalcomVetter

Many web development platforms provide libraries that handle the creation and validation of tokens with each HTTP request to prevent Cross Site Request Forgery (CSRF). Those libraries are very useful and should definitely be part of any web application. However, the anti-CSRF tokens can still be bypassed in certain conditions.

Don’t Chase the Latest “Shiny Object” Technology

By Brian Wrozek

When enterprises face security challenges, we too often see them respond by purchasing more point technologies. The lure of the latest “buy it, deploy it, forget it” vendor offer may seem like an easy fix but more spending on fragmented solutions has not reduced cyber crime incidents. On the contrary, incidents continue to accelerate in frequency. Why can’t we get ahead of the curve?

Breaking Credit Card Tokenization – Part 1

By Tim MalcomVetter

This is the first in a series of blog posts on the topic of breaking credit card tokenization systems and is the written version of several conference presentations I have given on this subject. This post will address the core terms and history before digging into one of the attacks we have successfully executed against some of our retail clients’ tokenized payment systems.

A Place at the Table - Part 2

By Kristen Bell

In the first part of this blog series, I explored the shortage of women in IT security and talked about the fact that women have been a part of technology since the beginning. In this post I will discuss how we all can become better mentors to young women interested in technology. I will also share some observations about the qualities women possess and what they can bring to the table to enhance our business.

A Place at the Table - Part 1

By Kristen Bell

Last year, I put together a presentation centered on women in IT security called, "A Place at the Table." The talk explored the reasons why women may not be attracted to our industry and how we can become better mentors to young women interested in technology. Some really compelling conclusions came out of my research and exploration into the topic. Due to the overwhelming interest in the topic, I decided to dive a little deeper into all of this and turn it into a blog series.

Making Your Endpoints Intelligent

By Lee Gitzes

As you have probably heard ad nauseam by now, security in the modern computing world is no longer about putting up a wall and preventing threats from entering our environments. Securing our networks and more specifically our endpoints is only possible if we completely disconnect from other computers and eliminate human beings. In other words, the idea of being completely secure is a unicorn.

Endpoint Protection in the Cloud Era

By Lee Gitzes

Over the last several years there has been a major paradigm shift to a cloud computing model for enterprise computing. This new model has allowed a level of service, availability and scale that has never been seen before. As organizations have made the shift, many of the traditional management and security models have been upended and what used to work, no longer does.

Antivirus – Stick a Fork In It?

By Lee Gitzes

I am sure by now you have heard the rhetorical statement that Antivirus is DEAD. There has been quote after quote by many technology and security leaders over the last year making the claim. Many facts and figures have been published and according to industry statistics, if your Antivirus software captures 30% of the malware that it encounters, it is doing well.

Assessing WCF NET.TCP Endpoint Configurations

By Tim MalcomVetter

Several years back, Microsoft shipped Windows Communication Foundation (WCF) as part of its .NET platform. The idea was simple: create a framework that could enable developers to write the code for a service one time only, and allow that code to run in a number of ways (SOAP/XML, REST/JSON, TCP Socket, etc.) via configuration.

Always Use Protection

By Michael Soto

The pace at which security exploits are being discovered on mobile operating systems is skyrocketing. They’re also having a major impact on device security, performance, and in some circumstances, can render your device useless and irreparably damaged. I’ll say it again. Your device can be rendered useless and irreparably damaged.
