HackDig : Dig high-quality web security articles for hacker

Don’t Panic! Create a Winning Cybersecurity Strategy to Preserve CISO Sanity

Stress comes with the territory for chief information security officers (CISOs). As noted by Medium, the job is unpredictable, with “long periods of preparing, watching, waiting, punctuated by periods of high stress and occasional bruising.” As both vendors and cyberthreats proliferate, finding a balance between an effective cybersecurity strateg
Publish At:2017-10-31 05:50 | Read:3022 | Comments:0 | Tags:CISO Automation C-Suite Chief Information Security Officer (

Automatic Extraction of Data from Excel Sheet

Excel sheets are very common files in corporate environments. Excel is definitely not a security tool, but it’s not rare to find useful information stored in such files. When these data must be processed for threat hunting or to collect IOCs, it is mandatory to automate the processing as much as possible. Here is a good example: Everyd
Publish At:2017-10-24 21:20 | Read:2709 | Comments:0 | Tags:Software Unix Automation Excel Python Script Tool

The 21st-Century Real Estate Deal: How the Internet of Things Is Changing Commercial Real Estate

The commercial real estate (CRE) industry is on the verge of a major disruption: the Internet of Things (IoT). Technology is making its way into an industry that historically lacks the innovative spirit, and we’re beginning to see a drastic change in what it means to be a real estate broker. As client needs evolve, brokers must develop new skills to k
Publish At:2017-07-14 17:35 | Read:2611 | Comments:0 | Tags:Mobile Security Network Automation Connected Devices Interne

OWASP TOP 10: Insufficient Attack Protection #7 – CAPTCHA Bypass

What is CAPTCHA? CAPTCHA is an acronym for “Computer Automated Public Turing test to tell Computers and Humans apart”. It is used to determine whether or not the user is human. Many times, a CAPTCHA is an image. A human has to solve it using the challenge response system. A human can usually read it without too much difficulty. Figure below is an example of
Publish At:2017-05-04 13:36 | Read:3940 | Comments:0 | Tags:News Automation CAPTCHA CAPTCHA Bypass Insufficient Attack P

Security Orchestration for an Uncertain World

Last month at the RSA Conference, I saw a lot of companies selling security incident response automation. Their promise was to replace people with computers — sometimes with the addition of machine learning or other artificial intelligence (AI) techniques — and to respond to attacks at computer speeds. While this is a laudable goal, there’s a fundament
Publish At:2017-03-23 16:56 | Read:3045 | Comments:0 | Tags:Security Intelligence & Analytics Artificial Intelligence (A

Flying With the Wind: Reduce Drag on Your Data Protection Program With Automation and Visualization

People are at the heart of data protection programs. We all rely on their expertise to manage the systems, advise us on database hardening, interpret the incoming monitoring data and help the organization prepare for compliance audits. These tasks continue to challenge organizations that don’t have enough skilled people to manage them, all in the face
Publish At:2016-12-13 18:40 | Read:3838 | Comments:0 | Tags:Data Protection Analytics Automation Data Security General D

Why Technology Automation Is a Sure-Shot Way Of Strengthening Your Security Posture

When we traditionally think of the benefits of ‘automation,’ we think of ‘improved quality and efficiency; and savings in time, cost and energy.’ One often overlooked benefit that can be achieved from this is the mitigation of risk and enhanced security. According to a recent study by AlgoSec (State of Automation in Security, Sprin
Publish At:2016-09-09 02:40 | Read:3405 | Comments:0 | Tags:Featured Articles IT Security and Data Protection audit Auto

The Joys of Automated Systems

Posted by Kevin on March 9, 2016. Automated Systems… One. Yesterday I got followed on Twitter by CoinTelegraph Espana. I didn’t follow back. Although the account has 10,000 followers, it has only ever posted 2 tweets. What is the point, I asked myself.
Publish At:2016-03-09 20:45 | Read:3638 | Comments:0 | Tags:Expert Views Kevin Townsend's opinions automation

Good IOC VS. Bad IOC: When Automation Fails…

[The post Good IOC VS. Bad IOC: When Automation Fails… has been first published on /dev/random] A few days ago, I wrote a diary on the SANS ISC website about automating the search for IOC’s (“Indicator of Compromise“). The use of tools to collect such information (IP addresses, domains, hashes, …) is very useful to build a list
Publish At:2015-09-21 14:45 | Read:3311 | Comments:0 | Tags:Security Uncategorized Automation Crawler Fail IOC

Data Compliance — Do You Really Have What It Takes?

Compliance Automation Is Essential – and Helps Keep You Sane It’s summertime, and the barbecues are firing up. And if you’ve ever been brought before an auditor, you can relate to feeling the heat as you’re grilled. You need to be prepared to answer questions about roles and responsibilities in your organization, such as: Do you have docume
Publish At:2015-07-22 12:25 | Read:2336 | Comments:0 | Tags:Data Protection Automation Compliance Data Security Security

AppSensor CISO Briefing

Following the release of the Introduction for Developers in February, the OWASP AppSensor team has now created and published a new document aimed at Chief Information Security Officers (CISOs) and others with similar responsibilities. The CISO Briefing is a high-level overview, with pointers to the more detailed resources for specifiers, architects, developer
Publish At:2015-04-24 20:20 | Read:4097 | Comments:0 | Tags:incidents logging operation automation specification technic

Running System Commands Against Multiple SSH Servers with Fabric

Fabric is a Python library to automate tasks. As the README says: Fabric is a Python (2.5-2.7) library and command-line tool for streamlining the use of SSH for application deployment or systems administration tasks. More specifically, Fabric is: A tool that lets you execute arbitrary Python functions via the command line; A library of subroutines (built on
Publish At:2015-04-09 00:25 | Read:2615 | Comments:0 | Tags:automation Fabric OMG Python Pentesting

Running System Commands Against Multiple SSH Servers With Metasploit

Want: To run a command against multiple SSH servers and you want to use Metasploit to do it. How: There doesn't exist a multi_ssh_exec type aux module to run commands. Luckily, the ssh_login module creates a command shell session for you, on successful logins. You can use the builtin sessions functionality to run a command against all your (SSH) sessions. msf au
Publish At:2015-04-07 00:20 | Read:3121 | Comments:0 | Tags:automation Metasploit Pentesting

Malware Analysis: Investigating the Right Security Alerts

Faced with an average of 17,000 security alerts a week, security professionals play the ultimate guessing game when choosing which alerts to investigate. They can investigate an alert that proves to be a true threat and thereby shut down an attack, or they can waste valuable time investigating a security alert that proves to be a false positive, while true p
Publish At:2015-03-30 17:05 | Read:3239 | Comments:0 | Tags:Security Intelligence & Analytics Automation Cybersecurity D

The Seven Wonders of User Access Control: Part II

In the first of a two-part blog series, The Seven Deadly Sins of User Access Controls, my colleague Jean Gordon Kocienda provided fresh insights into overly-permissive user access controls as a common underlying cause of data breaches. In this blog, I address the solutions to those “Seven Deadly Sins” with a modern twist on the antiquity typicall
Publish At:2015-03-04 14:40 | Read:2959 | Comments:0 | Tags:Security access control automation mindfulness security trai
