Showing posts from September, 2020

Application Security Validation Pitfalls, False Positives and Misconceptions

I recently did a webinar with one of our senior security warriors, James Mullen, discussing where automated validation works and where it doesn't. We also discussed false positives in both technical and logical vulnerabilities. This is worth tuning into if you want to understand the constraints of automation, where it falls down, and why we think reliance on automation alone for vulnerability management is a poor idea; we currently still need "the Human Element". Check it out if you want to learn more.
What’s the worst that can happen… An Ode to Risk

Risk is a widely used word in many walks of life, but do we understand what it means? “Risk involves uncertainty about the effects/implications of an activity with respect to something that humans value (such as health, well-being, wealth, property or the environment), often focusing on negative, undesirable consequences.” Cyber security often talks about risk: a high-risk vulnerability, or the risk of an event occurring. So, risk is related to the statistical occurrence of an event and its negative outcome. We often talk about likelihood and impact: the chance of something happening and the effect of it happening. As CISOs or cyber security professionals we try to first address the items with the highest risk, or combination of likelihood and impact; we call this prioritization. The reason we need to prioritize is that we can’t fix all the issues, and not every vulnerability is created equal. We all have limited capacit