Tag: Foundation
At F5, we dedicate a lot of time to identifying and validating vulnerabilities. We use a variety of vulnerability scanning tools at a regular, frequent tempo to give us an up-to-date picture of our risk footprint. On top of that, we pay attention to user reporting, information we get from various threat intelligence sources, and…
Read MoreImagine a network of intelligent sensors and content filters that connects to every endpoint in an enterprise network. It is scalable, resilient, adaptable, and features the gold standard (for the moment at least) in natural language processing. It has an average uptime of 98% during business hours. Even better, all organizations already have this tool.…
Read MoreDifficult security incidents are unique and valuable opportunities. They are the sort of testing you can’t buy: real-world, un-simulated, and direct. No pen-test or code review is going to do what a serious incident will. They are priceless jewels, but only if you use them for all they’re worth. Capturing that value is only possible…
Read MorePredictions are a risky business. If you play it too conservatively, you tell everyone what they already know and just get an eye roll for your trouble. If you go out on a limb and get it wrong, people stop listening to you. That’s why, as we unwisely return to the task of predicting the…
Read MoreThe conflict in Ukraine brings the possibility of increased cyberattacks targeting the public infrastructure of NATO nations and their allies, and could easily extend to corporations and other entities within those countries as well. The US CISA (Cybersecurity and Infrastructure Security Agency) has provided technical guidance and reporting methods at https://www.cisa.gov/shields-up which is an excellent…
Read MoreThe best practice document from Internet Engineering Task Force (IETF) recommends the use of an external user agent (such as a browser) to complete the flow in authorization flow code grant. When a native app wants to access private information, it needs to first get an authorization code. The native app starts its authorization request…
Read MoreSingle points of failure are the bane of engineering, and engineers put great effort into eliminating them from the systems they design. Increasingly, however, companies are handing over large amounts of their IT infrastructure and application portfolios to third-party providers. This reveals an interesting form of the single point of failure. If an organization uses…
Read MoreTo find the correct password, attackers must check word after word until they find one which outputs the same hash value as the one they have stolen. While this sounds tedious, password cracking tool, such as Hashcat, are capable of calculating billions of hashes per second on a single computer. Renting cloud computing services allows…
Read MoreBanking has undergone some huge transformations over the last decade as it becomes more embedded in consumers’ everyday lives. In the last year alone, technology adoption in banking has accelerated at an unprecedented rate due to the COVID-19 pandemic. A testament to this India, where digital payments over the unified payment interface (UPI) increased from…
Read MoreYou also need to restrict administrative access at the application level. This can mean that only certain individuals have administrative privileges in the app, or it can mean that administrators can only access the control surfaces from specific subnets. Data sources for the application, whether internal or external, need to be treated to the same…
Read More