Eoin & The Security

BBQ Cyber Security Thoughts...... During lockdown, I've taken to standing over the BBQ staring at the temperature gauge, lifting the lid occasionally and slow cooking various meats. Given the lockdown situation this provided a focal point for the day; something to attend to for the afternoon.  When standing there in a mindful stasis things go through your head, these are some of mine... "Software testing Software, who thought that would work?" "Using systems with potential vulnerabilities to discover potential vulnerabilities in systems" "Shift Left would make more sense if development was linear" "The reliance on automation to defend against a human adversary, sounds fair.....💀" "We cant improve what we cant measure; We cant secure what we cant see." "We accept false positives in scanners (Software getting it wrong) but we don't accept vulnerabilities (Software getting it wrong)." - Software testing software. "T...

  Web Application Scanning...Evolution For the past 24 months Edgescan has been developing a new Web Scanning engine, namely " Weasel ". Its a core component to the edgescan SaaS web security aspect of the service. We built it for many reasons: Faster Assessment speed. Increased coverage. Better Accuracy. More user control and configuration. Improved API support and navigation. More metrics. Javascript/Single-Page-Application (SPA) improvement. Improved content discovery. Dynamic Learning A cool thing about weasel is it has a dedicated team that not only consists of developers but also analysts and researchers. This was exciting as some of our penetration testers trained and pushed the engine and our developers implement ongoing changes. Developing a web scanning engine is certainly a treadmill and a never-ending process. Change is good, and to change often is to live well. Dynamic Learning - Once aspect that is exciting for us is the idea of continuously integrated test ca...