Tag: Controls

In my last post, I examined the reasons why certificate revocation is important to enterprise security. Now I’ll walk you through the steps you need to follow to check for revoked certificates. Certificates are believed to be ‘good’ unless we’re told otherwise, so certificate authorities simply need to maintain lists of ‘bad’ certificates that have…

F5 Labs' David Warburton writes for Venafi, explaining one of the key strategies for improving the use of OCSP for certificate revocation.

At F5, we dedicate a lot of time to identifying and validating vulnerabilities. We use a variety of vulnerability scanning tools at a regular, frequent tempo to give us an up-to-date picture of our risk footprint. On top of that, we pay attention to user reporting, information we get from various threat intelligence sources, and…

Imagine a network of intelligent sensors and content filters that connects to every endpoint in an enterprise network. It is scalable, resilient, adaptable, and features the gold standard (for the moment at least) in natural language processing. It has an average uptime of 98% during business hours. Even better, all organizations already have this tool.…

F5 Labs researchers combed through lists of organizations whose cloud resources have been exposed since 2017 due to intentional insecurity. The growth rate from 2017 to 2018 was an alarming 200%. So far in 2019, with an average of 2.5 breaches per month, we would expect to see a total of 30 breaches by the…

The discovery of a significant container-based (runc) exploit sent shudders across the Internet. Exploitation of CVE-2019-5736 can be achieved with “minimal user interaction”; it subsequently allows attackers to gain root-level code execution on the host. Scary, to be sure. Scarier, however, is that the minimal user interaction was made easier by failure to follow a…

At RSA Conference 2019, F5 Labs’ Preston Hogue sat down with Information Security Media Group to give a video interview on the importance of actionable threat intelligence to DevSecOps professionals. In particular, Hogue explores the challenge presented by DevSecOps itself, and the rise of application-focused threat intelligence. You can see the full video article published…

To both understand and keep pace with evolving cybercriminal mindsets, many businesses are fighting fire with fire – in other words, hiring hackers for help. In fact, large corporations such as Airbnb, PayPal and Spotify recently revealed that they have willingly spent over £38M on ethical hackers to tighten their cyber defences and avoid crippling…

Web Application Security: Our biggest research story of the year was our 2019 Application Protection Series, which focused on looking at an entire year of application-related breaches as well as a year of global web attack traffic. In that story, we noted how PHP vulnerabilities comprise 81% of the attack traffic, much of it…

Good or bad, cloud adoption represents a new pathway for anyone to become a software startup without having to hire operations or infrastructure personnel. Although they can quickly get a minimally viable application up and running, that application may lack both the robustness and the security measures of more traditional, well-engineered systems. I’m pretty sure that…
