HackDig : Dig high-quality web security articles for hacker

Threat Intelligence: A Tear-Free Solution to Help SOC Analysts Prepare for the Next WannaCry

It’s been nearly six months since the WannaCry ransomware stole global headlines and thousands of security practitioners flocked to threat intelligence feeds to help streamline their investigations. While the security community has learned many valuable lessons from the attack, it’s impossible to say that a strike of this magnitude won’t ha
Publish At:2017-10-26 01:10 | Read:207 | Comments:0 | Tags:Malware Security Intelligence & Analytics Threat Intelligenc

Don’t Just Put Out the Zero-Day Fire — Get Rid of the Fuel

How often have you heard a co-worker say that he or she had to put out a fire? Depending on your job role, you may have anywhere from one to more than a dozen so-called fires weekly. A zero-day vulnerability is an example of a work-related fire that a security operations analyst might have to extinguish. Enterprises should be prepared to handle zero-day fir
Publish At:2017-10-22 05:00 | Read:167 | Comments:0 | Tags:Advanced Threats Endpoint Risk Management Software & App Vul

Basic Security Tools You Cannot Afford to Miss in Your Risk Management Program

Risk management is the process of identifying, assessing and controlling threats to an organization. It is also a way to increase the security maturity of an organization. Risk management allows you to think about security more strategically and answer the questions that come from your company board, such as: How many times was the organization attacked? Is
Publish At:2017-10-03 08:40 | Read:386 | Comments:0 | Tags:CISO Incident Response Risk Management Incident Management I

The Myth of Mutual Exclusivity: Making the DevOps Process More Agile Without Compromising Security

The marketplace is demanding agility, but many enterprises perceive the need for agility as an ongoing security risk. If applications are constantly evolving, they assume, the process will constantly open up new avenues for attackers to exploit. This worry has given rise to a widespread misconception that security or agility is a binary choice. But a growing
Publish At:2017-09-21 19:15 | Read:289 | Comments:0 | Tags:Application Security CISO Agile DevOps SecDevOps Security Pr

Don’t Sweep Web Application Penetration Testing Under the Rug

Web application penetration testing is one of the most critical components of your information security program. The exploitation of a web-related vulnerability could result in a massive breach, so web security must be front and center in any organization. However, I often see people sweep web security under the rug and fail to follow through on their find
Publish At:2017-09-21 00:50 | Read:258 | Comments:0 | Tags:Application Security Risk Management Application Security Te

Downward Trend in Publicly Available Exploit Code? Don’t Ease Up on Patch Management Just Yet

The IBM X-Force Vulnerability Database (XFDB), which holds over 100,000 publicly disclosed vulnerabilities, is chock-full of insights concerning the cybersecurity threat landscape. Much of the data is publicly available directly on the IBM X-Force Exchange platform and can be accessed by users anytime. In reviewing the database on an ongoing basis, the IBM
Publish At:2017-09-14 21:10 | Read:325 | Comments:0 | Tags:Advanced Threats Endpoint Threat Intelligence X-Force Resear

Three Practical Tips That Empower Developers and Prevent Open Source Security Risks From Entering Your Code

Employees use open source applications in organizations of all sizes and across all industries, and this trend shows no signs of slowing down. It is both cost effective and efficient to incorporate source code into software during the development stage. With all those extra resources, developers can focus more on the organization’s proprietary code. Ac
Publish At:2017-08-21 15:05 | Read:259 | Comments:0 | Tags:Application Security Risk Management Application Development

Eight Myths Not to Believe About Penetration Testing

Penetration testing — the process of trying to break into one’s own system to find vulnerabilities before cybercriminals do — is an integral part of information security. The data gleaned from these evaluations can help companies remediate flaws in their security infrastructure before fraudsters have a chance to expose them. Dispelling Eight Penetratio
Publish At:2017-08-10 20:40 | Read:337 | Comments:0 | Tags:Data Protection Risk Management Data Breaches Penetration Te

Assessing Risks and Remediating Threats With a Layered Approach to Vulnerability Management

Companies need to do more than just scan for known problems and provide huge vulnerability reports to system and network administrators for remediation. According to Gartner, known vulnerabilities still comprise 99 percent of all known exploit traffic. Furthermore, malware, ransomware and exploit kits target vulnerabilities that are six months or older on av
Publish At:2017-08-09 07:50 | Read:346 | Comments:0 | Tags:CISO Risk Management Security Intelligence & Analytics Patch

The Living Dead: How to Protect Legacy Systems

The recent widespread attacks of WannaCry and NotPetya both used known vulnerabilities of legacy operating systems, namely SMB v1 protocol. In general, known vulnerabilities are easy to mitigate as long as patches and updates are provided. But in these cases, many organizations seem to have ignored the advice to patch their systems — or maybe not. There ar
Publish At:2017-07-20 21:00 | Read:415 | Comments:0 | Tags:Network Risk Management Legacy Applications legacy systems n

Going Through a Rough Patch in Your Security Program? Consistent Software Patching Can Solve Security Woes

Security is an imperfect art. It’s also an imperfect science. Whether it involves experimenting with certain tweaks or implementing proven standards and prescriptive advice, figuring out how to manage a security program is as complex as navigating any other business function. According to the Pareto Principle, security professionals should focus on the
Publish At:2017-07-03 23:50 | Read:460 | Comments:0 | Tags:Endpoint Network Risk Management Adobe Patch Patch Managemen

Stopping Threats in Their Tracks With Proactive Monitoring

With household names such as Renault ceasing manufacturing and the National Health Service of the U.K. actively redirecting patients from hospitals that are incapable of providing critical health care, ransomware has moved well beyond an annoyance that impacts your grandmother’s laptop and directly into the global spotlight. Over the past few days, how
Publish At:2017-05-24 19:10 | Read:538 | Comments:0 | Tags:Network Security Intelligence & Analytics Network Protection

Vulnerability Management in the Age of Analytics

It is becoming increasingly critical to manage both unknown and known vulnerabilities. In fact, since even novice cybercriminals can exploit publicly disclosed issues, it may be even more important to manage known vulnerabilities. Furthermore, fraudsters can examine information associated with known threats to develop new attacks and scout potential targets
Publish At:2017-05-14 01:10 | Read:464 | Comments:0 | Tags:Endpoint Security Intelligence & Analytics Endpoint Manageme

The Apache Struts 2 Vulnerability and the Importance of Patch Management

Apache Struts is a free, open source framework for creating Java web applications. It’s widely used to build corporate websites in sectors including education, government, financial services, retail and media. In early March 2017, Apache released a patch for the Struts 2 framework. The patch fixes an easy-to-exploit vulnerability that allows attacker
Publish At:2017-04-25 12:20 | Read:736 | Comments:0 | Tags:Application Security Endpoint Apache Incident Response (IR)

Vulnerability Metrics: The Final Frontier

In Part 1 of this series, we looked at some of the metrics that an executive team would want to see to identify how the business risk is trending. It is very important to keep in mind that if the business does not see the information security program as effective and efficient, they will not continue to invest in information security projects.In this part, w
Publish At:2017-04-04 04:40 | Read:1302 | Comments:0 | Tags:Featured Articles Vulnerability Management remediation secur

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud