Security Architecture Review Of A Cloud Native Environment
Due to its massive adoption, cloud computing has become a critical component for every enterprise. A large number of organisations want to migrate to the cloud; however, its security posture is still a blind spot for everyone. Nevertheless, we have seen a big rise in the number of requests to check the security posture of cloud infrastructure deployments.
Flutter based Mac OSX Thick Client SSL Pinning Bypass
During one of our recent thick client application penetration tests, Sanjay encountered a scenario where the application was built on top of a Flutter framework and had an SSL pinning check in one of the embedded libraries. Due to this check, the application provided an SSL pinning error when it was configured using Burp.
Let’s Cook ‘Compliance as Code’ with Chef InSpec
The concept of DevSecOps has introduced an array of changes to our traditional operations. One of the major changes was to move away from using tools to learning to bake our own 'code'. Of the many things required for an application or an environment to be production-ready, compliance is fundamental, and we ought to look at 'Compliance as Code'.
The Anatomy Of A Cloud Hack
This session explores Cloud Security Breaches, and how available reconnaissance techniques and tools are leveraged by unethical hackers to successfully uncover vulnerabilities. Learn how cloud security differs from conventional security and how to utilize cloud services to perform continuous monitoring and defence.
Secrets Management using Hashicorp Vault Webinar for Nullcon
Rohit Salecha is a technology enthusiast who loves to dive deep into the world of technology. His current expertise revolves around finding interesting bugs in Web Applications, and he also loves doing Android and iOS app security assessments.
Endpoint Detection and Response (EDR)
Claranet Cyber Security have announced the launch of a new Endpoint Detection and Response service as part of its growing Managed Security Services portfolio for customers. Your most sensitive data lives on the endpoint and in the cloud. Fast reactions prevent potential breaches and require a combination of technology and resource.
How to integrate security into the DevOps pipeline
In a typical DevOps cycle, security is often added towards the end, through a manual/automated review. However, with DevSecOps, security can be injected at every stage of a DevOps pipeline in an automated fashion. This presentation covers various case studies on how critical bugs and security breaches affecting popular software and applications could have been prevented using a simple DevSecOps approach.
Common PCI DSS Misconceptions
PCI DSS can be a complex beast. That's because many businesses are not clear whether PCI applies to them or do not have a clear understanding of what they are looking at. Our Principal Security Consultant, Wayne Murphy, explains the common misconceptions and problem areas that our Qualified Security Assessors (QSA) often encounter.
Plugging the gaps: working together to ensure Cyber Essentials certification
The CREST Cyber Essentials Scheme is a great starting point for any modern organisation wishing to keep its data - and that of its customers - safe. However, it is not a catch-all for ever-evolving attack vectors. We show you how to plug the gaps.
Beware Malware: created, morphed, and now ready to hit hard
Cybersecurity is certainly nothing new, but malware has been in the headlines recently. In this opening article on security, Holly Williams, a 10-year expert of the infosec wars and a Penetration Test Team Leader, takes a look at the past, present, and future of the dark art.
Cybersecurity is a fast-expanding field spanning network infrastructure, remote services, device diversity, even the nuances of human interaction and behaviour within the enterprise. Today’s IT expert is part technician, part detective, and part sociologist. This SlideShare presentation is a blow-by-blow account of the issues that matter in today’s hyperlinked, cross-connected, time-shifted organisation—with each threat backed up by some key statistics.
UK Exposed: Cybersecurity skills shortage putting businesses in the firing line
While businesses across the country grapple with post-BREXIT contingency planning, a lack of experienced and qualified professionals with the right cyber skills is presenting an additional major challenge. Back in 2014, Jon Oltsik, principal analyst at Enterprise Strategy Group ESG, predicted a growing cybersecurity skills shortage panic over the coming years, saying: