Current Topics and Information

Focused on the ever-changing information security landscape

ACCUVANT BLOG

'Tis the Season for Phishing

It’s that time of year again, the holiday season. A time filled with friends, family, good food, and celebration. But of course it has its downsides as well: stress, debt, long lines and crowds. Many of us try to make the holiday shopping season a little easier by purchasing our gifts online in the safety and comfort of our homes. [...] Read more

Empowering the CISO

A security-focused business culture can empower the CISO to effectively perform their job, and allow them to become a respected member of the “C” level. As a result, they are able to implement a business-aligned security program that brings real value to the company. [...] Read more

Decoding IBM WebSphere Portlet URLs

Portlet-based web applications built with the IBM Web Experience Factory, previously known as the WebSphere Portlet Factory, produce long URLs containing GZIP'd and base64-encoded data. Viewing and tampering with the data transmitted between the client browser and backing application server is essential to application penetration testing. [...] Read more

Shellshock Burp Scanning

The following is a Java plugin for the web proxy Burp designed to detect CVE-2014-6271, or Shellshock, during active scans of web applications. Further versions of the Shellshock vulnerability, e.g. CVE-2014-7169, are not detected by this plugin. [...] Read more

Building a Security-Focused Business Culture

In recent months, we have seen a disturbing thread in companies hit by major security breaches. In many cases, the problem can be attributed to a number of things: an internal security function that was never properly built, inadequate funding, existing leadership that was not empowered, or existing security leaders deciding to move on to other companies. [...] Read more

Micro-Segmentation

In my previous blog post, I discussed the importance of segmentation and network design. Moving along in the series brings us to micro-segmentation. This concept goes beyond the traditional network segments, to actually segmenting hosts from each other on the same or different networks. [...] Read more

How to Reduce Attack Surface

An effective strategy to help protect your organization is to reduce the noise, allowing for easier detection of an exploit, while at the same time increasing the difficulty of compromise. This, in effect, reduces the adversary's operating surface [...] Read more

(141 Results)