Guide to API Security Testing: The father of SQL injection offers his expert opinion on effective methodologies for security testing APIs.
http://ift.tt/2zafzOt
Submitted December 14, 2017 at 05:17AM by ju1i3k
via reddit http://ift.tt/2j1Z6TH
http://ift.tt/2zafzOt
Submitted December 14, 2017 at 05:17AM by ju1i3k
via reddit http://ift.tt/2j1Z6TH
resource.cobalt.io
Guide to API Security Testing
APIs have unique challenges when it comes to testing. Jeff Forristal offers his expert opinion on effective methodologies for security testing APIs.
AppLocker - How insecure is it really?
http://ift.tt/2CdabJS
Submitted December 13, 2017 at 08:09PM by oddvarmoe
via reddit http://ift.tt/2z9UCDa
http://ift.tt/2CdabJS
Submitted December 13, 2017 at 08:09PM by oddvarmoe
via reddit http://ift.tt/2z9UCDa
Oddvar Moe's Blog
AppLocker – Case study – How insecure is it really? – Part 1
I often hear that AppLocker is not very safe and it is easy to bypass. Since I really like AppLocker and I recommend it to customers, I decided to do this blogpost series and go over the different …
I'm Sorry You Feel This Way NatWest, but HTTPS on Your Landing Page Is Important
http://ift.tt/2BhZ0C1
Submitted December 14, 2017 at 05:59AM by volci
via reddit http://ift.tt/2nZqsyZ
http://ift.tt/2BhZ0C1
Submitted December 14, 2017 at 05:59AM by volci
via reddit http://ift.tt/2nZqsyZ
Troy Hunt
I'm Sorry You Feel This Way NatWest, but HTTPS on Your Landing Page Is Important
Occasionally, I feel like I'm just handing an organisation more shovels - "here, keep digging, I'm sure this'll work out just fine..." The latest such event was with NatWest (a bank in the UK), and it culminated with this tweet from them: I'm sorry you feel
[Discord Server] Information Security Chat
http://ift.tt/2j2NeAU
Submitted December 14, 2017 at 10:42AM by PoliFish
via reddit http://ift.tt/2kqJSrv
http://ift.tt/2j2NeAU
Submitted December 14, 2017 at 10:42AM by PoliFish
via reddit http://ift.tt/2kqJSrv
Discord
Discord - Free voice and text chat for gamers
Step up your game with a modern voice & text chat app. Crystal clear voice, multiple server and channel support, mobile apps, and more. Get your free server now!
Hardening Windows with AppLocker - Mitigate msbuild.exe
http://ift.tt/2kuwQcq
Submitted December 14, 2017 at 12:43PM by oddvarmoe
via reddit http://ift.tt/2Bj27Kb
http://ift.tt/2kuwQcq
Submitted December 14, 2017 at 12:43PM by oddvarmoe
via reddit http://ift.tt/2Bj27Kb
Oddvar Moe's Blog
Harden Windows with AppLocker – based on Case study part 1
This blogpost is actually a tribute to Matt Graeber’s request from twitter. Since I have learned so much stuff from that guy, I take these sort of request really seriously. In my post …
DNS Performance Compared: Google, Quad9, OpenDNS, Norton, CleanBrowsing, and Yandex
http://ift.tt/2BY2J4t?
Submitted December 14, 2017 at 11:24AM by rmddos
via reddit http://ift.tt/2zaoq2x
http://ift.tt/2BY2J4t?
Submitted December 14, 2017 at 11:24AM by rmddos
via reddit http://ift.tt/2zaoq2x
Medium
DNS Performance Comparison: Google, Quad9, OpenDNS, Norton, CleanBrowsing, and Yandex
Since my ISP thought was a good idea to modify their resolver responses to push me to their own "search engine", I realized the importance…
InfoSec Week 49, 2017
http://ift.tt/2AXVfPH
Submitted December 14, 2017 at 01:17PM by undercomm
via reddit http://ift.tt/2AHspWL
http://ift.tt/2AXVfPH
Submitted December 14, 2017 at 01:17PM by undercomm
via reddit http://ift.tt/2AHspWL
Malgregator
InfoSec Week 49, 2017
The
"2017 EU Security Awareness Summit - After Action Report"
http://ift.tt/2o5M1hy
Submitted December 14, 2017 at 06:06PM by volci
via reddit http://ift.tt/2CjeBiy
http://ift.tt/2o5M1hy
Submitted December 14, 2017 at 06:06PM by volci
via reddit http://ift.tt/2CjeBiy
securingthehuman.sans.org
Security Awareness Blog | 2017 EU Security Awareness Summit - After Action Report
Security Awareness Blog blog pertaining to 2017 EU Security Awareness Summit - After Action Report
How a Dorm Room Minecraft Scam Brought Down the Internet
http://ift.tt/2Aj5yg4
Submitted December 14, 2017 at 04:51PM by whitehattracker
via reddit http://ift.tt/2zbaF3R
http://ift.tt/2Aj5yg4
Submitted December 14, 2017 at 04:51PM by whitehattracker
via reddit http://ift.tt/2zbaF3R
WIRED
How a Dorm Room Minecraft Scam Brought Down the Internet
The DDoS attack that crippled the internet last fall wasn't the work of a nation-state. It was three college kids working a Minecraft hustle.
How to Secure Your Data from Ransomware and Other Threats
https://jelvix.com
Submitted December 14, 2017 at 03:54PM by Jelvix
via reddit http://ift.tt/2kt2IhZ
https://jelvix.com
Submitted December 14, 2017 at 03:54PM by Jelvix
via reddit http://ift.tt/2kt2IhZ
Jelvix
Enterprise Software Development Company - Jelvix
Jelvix is a global technology company providing custom software development services to leading businesses in a variety of industries and domains.
Yara sweeper for incident response
http://ift.tt/2o5BYsy
Submitted December 14, 2017 at 06:29PM by _spartak
via reddit http://ift.tt/2jT6ZLN
http://ift.tt/2o5BYsy
Submitted December 14, 2017 at 06:29PM by _spartak
via reddit http://ift.tt/2jT6ZLN
GitLab
nowayout / yara_sweeper
Yara Sweeper for Incident Response
Remote Root in DirecTV's Wireless Video Bridge: A Tale of Rage and Despair
http://ift.tt/2C25qC5
Submitted December 14, 2017 at 07:00PM by ase1590
via reddit http://ift.tt/2ks7DQc
http://ift.tt/2C25qC5
Submitted December 14, 2017 at 07:00PM by ase1590
via reddit http://ift.tt/2ks7DQc
Zero Day Initiative
Remote Root in DirecTV's Wireless Video Bridge: A Tale of Rage and Despair
In this guest blog, Trend Micro DVLabs researcher Ricky Lawshae discusses the recently disclosed CVE-2017-17411. He discovered and reported this bug through the ZDI program. Earlier this year, I learned that AT&T was starting to move customers away from its…
Security Planner - Improve your online safety with advice from experts
http://ift.tt/2B8nJc5
Submitted December 14, 2017 at 06:49PM by emptymatrix
via reddit http://ift.tt/2kswH9F
http://ift.tt/2B8nJc5
Submitted December 14, 2017 at 06:49PM by emptymatrix
via reddit http://ift.tt/2kswH9F
Security Planner
Security Planner - Improve your online safety with tools for your needs.
Answer a few simple questions to get personalized recommendations of free and open-source software. It's confidential -- no personal information is stored, and we won't access any of your online accounts.
Security In 5: Episode 132 - Top 10 Security Tips For Your Network - 7 - Protect Your Network Access
http://ift.tt/2AYlLZ5
Submitted December 14, 2017 at 07:32PM by BinaryBlog
via reddit http://ift.tt/2C8bQ2x
http://ift.tt/2AYlLZ5
Submitted December 14, 2017 at 07:32PM by BinaryBlog
via reddit http://ift.tt/2C8bQ2x
Libsyn
Security In Five Podcast: Episode 132 - Top 10 Security Tips For Your Network - 7 - Protect Your Network Access
Number 7 in my Top 10 Security Tips for Your Network talks about protecting the external access into your network. Whether through applications, FTP, VPN, etc... your customers and employees at some point need to get to internal resources from outside the…
Introducing: Detection Lab – Chris Long – Medium
http://ift.tt/2z3sEsV
Submitted December 14, 2017 at 04:30PM by E5sN80fqC7qO
via reddit http://ift.tt/2jVe8eC
http://ift.tt/2z3sEsV
Submitted December 14, 2017 at 04:30PM by E5sN80fqC7qO
via reddit http://ift.tt/2jVe8eC
Medium
Introducing: Detection Lab
Detection Lab is a collection of Packer and Vagrant noscripts that allow you to quickly bring a Windows Active Directory online, complete…
Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure
http://ift.tt/2C3Xlgf
Submitted December 14, 2017 at 10:03PM by Extremite
via reddit http://ift.tt/2kufZGP
http://ift.tt/2C3Xlgf
Submitted December 14, 2017 at 10:03PM by Extremite
via reddit http://ift.tt/2kufZGP
FireEye
Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational
Disruption to Critical Infrastructure « Attackers Deploy…
Disruption to Critical Infrastructure « Attackers Deploy…
Mandiant recently responded to an incident at a critical infrastructure organization where an attacker deployed malware designed to manipulate industrial safety systems.
Reflected Cross-Site noscripting via HTTP headers in Safari browser
http://ift.tt/2BoFfJi
Submitted December 15, 2017 at 12:17AM by i_bo0om
via reddit http://ift.tt/2AIeBvl
http://ift.tt/2BoFfJi
Submitted December 15, 2017 at 12:17AM by i_bo0om
via reddit http://ift.tt/2AIeBvl
Wallarm
The Good, The Bad and The Ugly of Safari in Client-Side Attacks
I’ve previously published an article about using Safari to compromise a computer file system.
How to Deploy a BeyondCorp-Style Web App
http://ift.tt/2zcyHvk
Submitted December 15, 2017 at 12:39AM by heitortsergent
via reddit http://ift.tt/2AHA47J
http://ift.tt/2zcyHvk
Submitted December 15, 2017 at 12:39AM by heitortsergent
via reddit http://ift.tt/2AHA47J
ScaleFT
ScaleFT - How To Deploy A BeyondCorp-Style Web App Behind The ScaleFT Access Fabric
With ScaleFT Web Access, internal company applications are protected by an Access Fabric, a globally distributed real-time authorization CDN capable of making intelligent trust decisions at the edge.
I'm hiring for a senior application security engineer in the M&A security team at Salesforce!
http://ift.tt/2C4TorF
Submitted December 15, 2017 at 12:53AM by calib0rx
via reddit http://ift.tt/2Cl6ou8
http://ift.tt/2C4TorF
Submitted December 15, 2017 at 12:53AM by calib0rx
via reddit http://ift.tt/2Cl6ou8
Few security related questions
While planning my app production, few security concerns were raised:Assuming you store secrets like 'DB connection string' in some 3rd party secured wallet, how do you inject those into your deployment noscript? how would you grab LastPass password into CloudFormation noscript?Assuming some developers have production permissions (devops), wouldn't it be smart not to assign to them production rights all the time rather they should use some elevated/temporary rights? how would you implement that?Does it make sense to store management systems like 'elasticsearch/kibana logs' in a separate peered VPC that is accessed to devops via VPN or MFA only?
Submitted December 15, 2017 at 02:29AM by yonatannn
via reddit http://ift.tt/2zcc4XF
While planning my app production, few security concerns were raised:Assuming you store secrets like 'DB connection string' in some 3rd party secured wallet, how do you inject those into your deployment noscript? how would you grab LastPass password into CloudFormation noscript?Assuming some developers have production permissions (devops), wouldn't it be smart not to assign to them production rights all the time rather they should use some elevated/temporary rights? how would you implement that?Does it make sense to store management systems like 'elasticsearch/kibana logs' in a separate peered VPC that is accessed to devops via VPN or MFA only?
Submitted December 15, 2017 at 02:29AM by yonatannn
via reddit http://ift.tt/2zcc4XF
reddit
Few security related questions • r/security
While planning my app production, few security concerns were raised: 1. Assuming you store secrets like 'DB connection string' in some 3rd party...
Protecting code integrity with PGP (Linux Foundation IT guide)
http://ift.tt/2CdcMDA
Submitted December 15, 2017 at 02:33AM by mricon
via reddit http://ift.tt/2ksAK5X
http://ift.tt/2CdcMDA
Submitted December 15, 2017 at 02:33AM by mricon
via reddit http://ift.tt/2ksAK5X
GitHub
lfit/itpol
itpol - Useful IT policies