Features
Software security assurance: Everybody’s invited
As more and more things in this world of ours run on software, software security assurance – i.e. confidence that software is free from vulnerabilities (either …
Security awareness is good, but good security culture is better
As an efficient mechanism to influence employee behavior, security culture is one of the most important, yet most overlooked, aspects of organizational security. “A …
Executive spotlight: iovation’s new Vice President of Product
Last week iovation announced that Dwayne Melancon was leaving Tripwire after 17 years and joining the company as the new Vice President of Product, so we decided to get in …
Lure10: Exploiting Wi-Fi Sense to MITM wireless Windows devices
Karma has long been a staple man-in-the-middle attack used in authorised wireless security assessments and unsanctioned ones, but as many modern operating systems now provide …
Deception security doesn’t have to be onerous or expensive
When talking about deception security, most infosec pros’ minds turn to honeypots and decoy systems – additional solutions that companies have to buy, deploy, and …
Machine learning in information security: Getting started
Machine learning (ML) technologies and solutions are expected to become a prominent feature of the information security landscape, as both attackers and defenders turn to …
Women in infosec: Real-life experiences and challenges
In all segments of society and business, minorities encounter problems that the majority rarely or never faces. And information security is – I think we can all agree …
Cybersecurity gamification: A shortcut to learning
Cybersecurity awareness trainings are usually a boring affair, so imagine my colleagues’ surprise when I exited the room in which I participated in a demonstration of …
Next level red teaming: Working behind enemy lines
The term “hacker” calls forth both positive and negative mental pictures, but I can bet that there are not many people, even in the infosec community, to whom the …
A checklist for people who understand cyber security
By now, it’s pretty much an accepted reality that it’s only a matter of time until an organization – any organization – gets breached by cyber …
Quickly audit and adjust SSH server configurations with SSH-audit
SSH-audit is a standalone open source tool for auditing and fixing SSH server configurations. It has no dependencies and will run wherever Python is available. It supports …
Scan Ruby-based apps for security issues with Dawnscanner
Dawnscanner is an open source static analysis scanner designed to review the security of web applications written in Ruby. Dawnscanner’s genesis: Its developer, Paolo …