proactive security testing
Conducting a comprehensive cyber security penetration test assessment for a commercial business involves asking a wide range of questions to ensure that all potential vulnerabilities and weaknesses are identified and addressed. Here are some key questions to ask when conducting a penetration test assessment for a commercial business:
If you would like to measure your security, we invite you to learn more about CATSCAN.
Threat Models help security
Threat modeling is a process of identifying and analyzing potential security threats to a system or application. Here is a general process for threat modeling a custom web application connected to the internet:
For more information on Threat Modeling, contact us.
Data breach coach?
A data breach coach, also known as a breach response coach or cyber incident coach, is a specialized professional who provides guidance and support to organizations that have experienced a data breach. The primary purpose and function of a data breach coach are to help organizations respond to data breaches in a timely, effective, and efficient manner, minimizing the potential damage and protecting the organization's reputation.
Here is how a data breach coach can help you before, during, and after a data breach:
Before a data breach:
CIO, CTO: What's the difference?
The Chief Information Officer (CIO) and Chief Technology Officer (CTO) are both senior executives responsible for technology-related decisions in an organization, but they have different primary roles and responsibilities.
The primary role of the CIO is to oversee the organization's overall technology strategy and ensure that it aligns with the company's business goals. They are responsible for managing the technology infrastructure, including hardware, software, and networks, and ensuring that they are secure, reliable, and scalable. The CIO also manages the organization's data, including storage, security, and analytics. They work closely with other departments to identify technology needs, implement solutions, and ensure that technology is integrated effectively with the business.
The primary role of the CTO is to drive the organization's technology vision and innovation. They are responsible for evaluating emerging technologies, identifying potential new business opportunities, and developing strategies to implement those technologies. The CTO is often involved in the development of new products and services, working closely with product managers and engineering teams. They may also be responsible for research and development, including creating prototypes, testing new technologies, and assessing the viability of emerging trends.
While both the CIO and CTO are responsible for technology-related decisions, their primary focus and responsibilities are different. The CIO is focused on managing the current technology infrastructure and ensuring that it supports the business, while the CTO is focused on driving innovation and identifying new opportunities for the organization. In some organizations, the CIO and CTO roles may overlap or be combined, depending on the size and complexity of the business.
Wireless routers provide internet connectivity to devices over Wi-Fi. They are also a target for attackers, especially when their security controls are misconfigured or their firmware has unpatched vulnerabilities. Here are some common methods used by attackers to bypass security controls on wireless routers:
How to test API security
Conducting an API security assessment involves several steps to identify vulnerabilities, bugs, and design flaws in an API and the code behind it. The following is a general process for conducting an API security assessment:
For more information about our CATSCAN service contact us.
What is DAST?
Dynamic Application Security Testing (DAST) is a type of security testing that evaluates the security of web applications while they are running: the tester sends requests to the deployed application and inspects its responses, rather than reading its source code. In the context of a service provider selling DAST to a buyer, the service would involve the following steps:
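The API security assessment above and the DAST description here both come down to the same thing: probe a running target over HTTP and judge it by its responses. The following is an added example, not code from the original post or from the CATSCAN service. It constructs a deliberately weak demo API on localhost (hypothetical endpoints `/api/users/<name>/profile` and `/api/admin/stats`, with made-up tokens) and runs two of the checks a practitioner would script early in an assessment: whether one user's token can read another user's object (broken object-level authorization), and whether an administrative endpoint answers without any token at all.

```python
"""Dynamic API assessment demo: a constructed, deliberately weak API plus a
checker that probes it over HTTP the way a DAST-style assessment would.
All endpoints, tokens and data are constructed for this example."""
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed demo identities (a real target issues these via its login flow).
TOKENS = {"token-alice": "alice", "token-bob": "bob"}
PROFILES = {"alice": {"email": "alice@example.invalid"},
            "bob": {"email": "bob@example.invalid"}}


class WeakApiHandler(BaseHTTPRequestHandler):
    """Constructed target with two intentional defects:
    - /api/users/<name>/profile checks that a token is valid but never that
      the token's owner matches <name> (object-level authorization missing);
    - /api/admin/stats performs no authentication at all."""

    def _send(self, status, body):
        data = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def do_GET(self):
        auth = self.headers.get("Authorization", "")
        token = auth[len("Bearer "):] if auth.startswith("Bearer ") else None
        parts = self.path.strip("/").split("/")
        if parts == ["api", "admin", "stats"]:
            self._send(200, {"users": len(PROFILES)})  # defect: no auth check
        elif len(parts) == 4 and parts[:2] == ["api", "users"] and parts[3] == "profile":
            if token not in TOKENS:
                self._send(401, {"error": "unauthenticated"})
            else:
                # defect: TOKENS[token] is never compared with parts[2]
                self._send(200, PROFILES.get(parts[2], {}))
        else:
            self._send(404, {"error": "not found"})

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_demo_server():
    """Start the constructed target on an ephemeral localhost port."""
    server = HTTPServer(("127.0.0.1", 0), WeakApiHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"


def _get(url, token=None):
    """GET a JSON endpoint; return (status, parsed body), never raising on 4xx."""
    req = urllib.request.Request(url)
    if token:
        req.add_header("Authorization", f"Bearer {token}")
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as err:
        return err.code, {}


def assess_api(base_url, token_a, owner_a, token_b, owner_b):
    """Probe the running API from the outside and return a list of finding
    names (empty list means both checks passed)."""
    findings = []
    # Check 1: object-level authorization. Fetch B's object with B's own token,
    # then with A's token; identical 200 responses mean A can read B's data.
    status_b, own_b = _get(f"{base_url}/api/users/{owner_b}/profile", token_b)
    status_a, cross = _get(f"{base_url}/api/users/{owner_b}/profile", token_a)
    if status_b == 200 and status_a == 200 and cross == own_b:
        findings.append("broken-object-level-authorization")
    # Check 2: an administrative endpoint must not answer without a token.
    status, _ = _get(f"{base_url}/api/admin/stats")
    if status == 200:
        findings.append("unauthenticated-admin-endpoint")
    # Check 3: user data must not be served without a token either.
    status, _ = _get(f"{base_url}/api/users/{owner_a}/profile")
    if status == 200:
        findings.append("unauthenticated-user-profile")
    return findings


if __name__ == "__main__":
    server, base = start_demo_server()
    try:
        for finding in assess_api(base, "token-alice", "alice", "token-bob", "bob"):
            print("FINDING:", finding)
    finally:
        server.shutdown()
```

Against a real target the same `assess_api` function is pointed at the deployed base URL with two legitimately issued tokens; the comparison in check 1 deliberately uses B's own response as the oracle rather than any knowledge of the server's data, which is all a black-box tester has.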
For more information about our CATSCAN service, contact us.
watch out for social engineering
Social engineering is a tactic used by cybercriminals to trick individuals into divulging confidential information. Here are ten common ways social engineers gain access to confidential information:
For more information about our CATSCAN services, contact us today.
Finding needles in a haystack
I recently did an interview on the Reimagining Cyber Podcast about advancements in the software security industry. I then took some time to think about the Fortify product that I have worked with for so many years. The pros and the cons: what are your thoughts?
OpenText - Fortify
Pros of using source code tools like Fortify for software code quality:
This is my blog. There are many like it, but this one is mine. Enjoy.