Collaborate Disseminate
When it comes to software security, one of the biggest challenges facing developers today is information overload. Thanks in part to the widespread proliferation and use of open-source code (a study by Red Hat showed that 36% of software in use at surv… Continue reading When it comes to vulnerability triage, ditch CVSS and prioritize exploitability
First of all,I am new to security as a whole and taking my first formal course on it.So sorry if any major errors are present.
I had a scheme for remote file storage as an attempt to use my course topics:
I have a few google accounts(say … Continue reading Cryptographic File Storage scheme
So I’ve been trying to merge all 3 templates provided by MS in the Threat Modelling tool to benefit from a number of vital components scattered across the Default, Azure and Medical template. Unfortunately a number of errors were encounter… Continue reading Microsoft Threat Model – Merging all 3 templates
For educational purposes, I am pentesting an app server of mine. I am using ZAP and it reports a remote file inclusion vulnerability. I looked at it and think its a false positive but before I miss something I wanted to ask the community:
… Continue reading Remote file inclusion (RFI) found – vulnerability or false positive?
What are some possible common vulnerabilities related to a Windows 10 workstation running BitLocker on which is possible to enter the UEFI (bios) interface without having to provide a password?
Continue reading Workstation security analysis scenario [closed]
I am working with a team who is developing a mobile app for which they are using GraphQL.
So as part of performing security testing it, they only shared the graphql endpoint and nothing else.
Not even the app UI nor any credentials.
Based … Continue reading GraphQL endpoint security testing
Vulnerability management (VM) technology addresses the threat landscape, which is in a constant state of flux. The wider dispersal of endpoints across private and public cloud environments increases the points of vulnerabilities in an enterprise networ… Continue reading How important are vulnerability management investments for a cybersecurity posture?
Are smart plugs safe, Xiaomi ones in particular (Zigbee and WI-FI versions)?
My main concern is that the plug is connected to Mi account and allows remote management. In case hacker gains access, can he reboot it dozens of times per secon… Continue reading Are smart plugs safe? (Xiaomi in particular)
HP has expanded its Bug Bounty Program to focus specifically on office-class print cartridge security vulnerabilities. The program underscores HP’s commitment to delivering defense- in-depth across all aspects of printing—including supply chain, cartri… Continue reading HP expands its Bug Bounty Program to focus on office-class print cartridge security vulnerabilities
Maintaining a strong organizational security posture is a demanding task. Most best practices – e.g. CIS Controls, the OWASP Vulnerability Management Guide – advocate a continuous program of asset discovery and vulnerability management. Due… Continue reading Review: ThreadFix 3.0