Examiner Article

By -
A short article by Trish Dromey on how/why edgescan and what's next

24/7 Security

Comments

Post a Comment

Popular posts from this blog

20 years of Vulnerability Managment - Why we've failed and continue to do so.

By -
Image
Cyber Security: Keeping Pace with Change. Getting breached can really ruin your day. Actually it normally happens on a friday evening as you are about chill for the weekend. The cause of must breaches is not rocket science, its more to do with the poor approach we have accepted because we underestimate the threat actor.  - An attacker does not scan your website/network once a quarter with a commercial or open source scanner or perform an annual penetration test against your systems to see if there is any low hanging fruit, so how do we expect to defend against such an advisory using that approach? Systems change now more frequently than ever due to the ease of cloud deployments and the speed of software deployments due to iterative development techniques. The rate of change increase results in exposures quickly manifesting and the organisation not even being aware of the exposure in the first place. Many organisations dont know what they have exposed on the public Internet. We ne...
Read more

Edgescan, why we do what we do.....

By -
Image
  The cyber security industry is full of solutions to make you more secure. Some are unproven and other approaches work if deployed properly. Our industry is very fragmented. for example a recent "Cyber Defense" award I noticed has 195 categories!  I suppose we need to ask ourselves as companies from time to time why we do what we do?  So, the following post is, I guess, the reason we developed Edgescan and why we believe its a decent solution to help organizations improve and be more resilient in relation to cyber security and system protection.... Vulnerability scanning alone did not work. The idea of software testing software for vulnerabilities is a good one but both sides of the equation may have bugs. Bugs in one side (The target) may result in vulnerabilities, whilst bugs on the other side (Scanner) may result in false negatives and false positives.  Accuracy : To that end we built edgescan as a combination of automation to discover vulnerabilities at scale bu...
Read more

How Simple can it be.....XSS Prevention....

By -
Cross Site Scripting is sill a very common web vulnerability. Generally it is used to attack clients/users. It can be used for malware upload, botnet hooking, keylogging, a payload delivery system for clickjacking and CSRF attacks and much much more, all for 6 easy payments of $9.99...sorry got carried away there :) But is is easily preventable. You dont even have to know what XSS (type 0, type 1, type 2, DOM, Stored, Reflected) is to prevent it. One pretty simple way to prevent XSS is to use the OWASP ESAPI (Enterprise Security API). A very easy tool to use/invoke. It's also managed and attended to by Chris Schmidt ....A great guy... Regardless of what it does....if there was a mandate to use it on all redisplayed external input a site could become virtually XSS free!! (all for 6 easy payments of......). It's easy to deploy.... 1. Include in JSP (Java version) 2. Invoke in JSP 3. Job done!!! We include it by <%@ page import="org.owasp.esapi.ESAPI...
Read more