Category: Product Security

Product Security covers all software, hardware, cloud, edge, and component (chip) security aspects. Today’s product security is not just about the “unit” under test, but the whole system resiliency to stress, attacks, and ability to withstand the unexpected.

We will cover Application security posture management (ASPM), Dynamic AST (DAST), Fuzz Testing, Infrastructure-as-code (IaC) testing, Interactive AST (IAST), Mobile AST (MAST), Open Source Testing, Software Development Life Cycle (SDLC), Static application security testing (SAST), Chaos Architectures, and many other approaches to Product Security.

Think first – then Act – Apache Struts CVE-2023-50164

Posted on December 13, 2023December 18, 2023

The days when the good guys can take a security break during the December Holidays are over. Plan and expect issues that require teams to come in and mitigate/minimize risk to be the “new normal” for the holidays. This year, researcher Steven Seeley discovered a way to abuse the popular Apache Struts frameworks’ file upload Read More

Thanksgiving Holiday Fun! Five Eyes Warn of LockBit 3.0 Ransomware!

Posted on November 22, 2023November 22, 2023

Do you know if your network is vulnerable to LockBit 3.0 Ransomware crew getting into your network via NetScaler CVE-2023-4966 vulnerability? Boeing – a company with a powerful cybersecurity team – was penetrated by the LockBit crews using CVE-2023-4966. Is this your Thanksgiving holiday fun? For those subscribed to Shadowserver free Cyber Civil Defence reporting, Read More

Protecting BGP Sessions – Step-by-Step Guide to Prevent an Easy DDoS

Organizations are not protecting their BGP session. Take the time to ask the question …. Do we have our BGP ports protected? Are you: If not, work with your peers to deploy an Infrastructure ACL (iACL) to cover all your network devices, deploy specific data plane ACLs on your routers/switches to protect them, work with

Qakbot – it is not over yet!

Posted on September 19, 2023September 19, 2023

Get the free Shadowserver special report to see if Qakbot was on your network. If yes, the bad guys could still be on your network. Read More

Why are the top National Security Teams Yelling for you to Fix your Network?

Posted on August 3, 2023August 3, 2023

The top National Security Teams are yelling at you to fix your network. The Joint Advisory is not a simple act of collaboration. The first 12 are highlighted for a reason. We do not know the insider reasons other than they are ACTIVELY EXOLIOTED with NOT ENOUGH ORGANIZATIONS MITIGATING that are PUTTING ORGANIZATIONS at RISK. Read More

Secure Coding? Don’t get Stuck!

Posted on July 13, 2023July 13, 2023

We now have static application security testing (SAST) deployed. All should be good. No, all is NOT Good! The most challenging parts of any SAST tool deployment are the initial shock of potential vulnerabilities, coding errors, and risk. When I come into an organization for an audit, it is common to find their SAST tool Read More