The Anatomy Of A Cloud Hack
This session explores Cloud Security Breaches, and how available reconnaissance techniques and tools are leveraged by unethical hackers to successfully uncover vulnerabilities. Learn how cloud security differs from conventional security and how to utilize cloud services to perform continuous monitoring and defence.
Secrets Management using Hashicorp Vault Webinar for Nullcon
Rohit Salecha is a technology enthusiast who loves to dive deep into the world of technology. His current expertise revolves around finding interesting bugs in web applications, and he also loves doing Android and iOS app security assessments.
Endpoint Detection and Response (EDR)
Claranet Cyber Security have announced the launch of a new Endpoint Detection and Response service as part of its growing Managed Security Services portfolio for customers. Your most sensitive data lives on the endpoint and in the cloud. Fast reactions prevent potential breaches and require a combination of technology and resource.
How to integrate security into the DevOps pipeline
Security is often added towards the end of a typical DevOps cycle, through a manual or automated review. However, with DevSecOps, security can be injected at every stage of a DevOps pipeline in an automated fashion. This presentation covers various case studies on how critical bugs and security breaches affecting popular software and applications could have been prevented using a simple DevSecOps approach.
Common PCI DSS Misconceptions
PCI DSS can be a complex beast. That's because many businesses are not clear whether PCI applies to them or do not have a clear understanding of what they are looking at. Our Principal Security Consultant, Wayne Murphy, explains the common misconceptions and problem areas that our Qualified Security Assessors (QSA) often encounter.
Plugging the gaps: working together to ensure Cyber Essentials certification
The CREST Cyber Essentials Scheme is a great starting point for any modern organisation wishing to keep its data - and that of its customers - safe. However, it is not a catch-all for ever-evolving attack vectors. We show you how to plug the gaps.
Beware Malware: created, morphed, and now ready to hit hard
Cybersecurity is certainly nothing new, but malware has been in the headlines recently. In this opening article on security, Holly Williams, a 10-year expert of the infosec wars and a Penetration Test Team Leader, takes a look at the past, present, and future of the dark art.
Cybersecurity is a fast-expanding field spanning network infrastructure, remote services, device diversity, even the nuances of human interaction and behaviour within the enterprise. Today’s IT expert is part technician, part detective, and part sociologist. This SlideShare presentation is a blow-by-blow account of the issues that matter in today’s hyperlinked, cross-connected, time-shifted organisation—with each threat backed up by some key statistics.
UK Exposed: Cybersecurity skills shortage putting businesses in the firing line
While businesses across the country grapple with post-BREXIT contingency planning, a lack of experienced and qualified professionals with the right cyber skills is presenting an additional major challenge. Back in 2014, Jon Oltsik, principal analyst at Enterprise Strategy Group (ESG), predicted a growing cybersecurity skills shortage panic over the coming years, saying:
Automating Pentests for Applications with Integrity Checks using Burp Suite Custom Extension
During one of our recent web application penetration testing assignments, @realsanjay encountered a scenario where the application employed an integrity check on HTTP request content. The integrity check was maintained using a custom HTTP header that stored the HMAC of HTTP request content based on session-specific CSRF tokens. Any modification in the HTTP request would result in a “499 Unknown” HTTP error response.
Continuous Security Monitoring using ModSecurity & ELK
Recently, NotSoSecure got an opportunity to explore the working of monitoring and alerting systems as a part of a project. In this blog post, Anand Tiwari will talk about his experience and challenges faced while setting up one such monitoring and alerting system.