Both penetration tests and automated vulnerability scans are useful tools for managing vulnerabilities. While these are different testing methods, they are complementary and both should be performed.
A vulnerability scan is an automated, low-cost method for testing common network and server vulnerabilities. This is sometimes referred to as an automated pen test. Many automated tools … Read More »
Once again another company is on the heels of a massive data breach where intellectual property, customer records, private information, you-name-it, has been compromised. The recent news of Adobe Systemsi where a malicious entity stole intellectual property and accessed millions of credit card numbers is another case where “if there is a will, there … Read More »
If you operate a web site that accepts personal information from California residents, you may be aware that California’s amended CalOPPA law has added a “do not track” requirement this month. California’s legislators have added to the already-weak law a new, value-less clause that gives the appearance that the law does something that it … Read More »
I’m one of those fortunate information security professionals who plays both sides of the technology defense game: I’m your incident response guy and your preventive technologies guy. When I’m working with a company after they’ve been breached I can see pretty quickly what defenses they were missing that allowed the breach in … Read More »
Dear Antivirus Vendors,
On more and more incident response investigations, my clients (victims) have been asking the question “Why didn’t our Antivirus software detect the malware when we always keep it up to date?” I respond by telling them that they had targeted malware on their system. Their follow up question usually is whether antivirus … Read More »