Pentesting Resources

Pentesting is a major component of many kinds of security audits, including the PCI-DSS regulation, which requires annual pentests on active systems that handle or hold payment information. Pentesters will use a mix of manual and automated testing, using a

Read more

Secure SDLC

The Secure SDLC is a framework for introducing various aspects of application security – secure coding, security testing, remediation of vulnerabilities, etc. – throughout an organization’s existing SDLC. The idea is to better build security into the application by

Read more

Threat Modeling

Threat modeling is the process that improves software and network security by identifying and rating the potential threats and vulnerabilities your software may face, so that you can fix security issues before it’s too late. The process is then followed

Read more

Cloudbleed

Cloudbleed (also known as CloudLeak and CloudFlare Bug) is a security bug discovered on February 17, 2017 affecting Cloudflare’s reverse proxies,[1] which caused their edge servers to run past the end of a buffer and return memory that contained private

Read more

Damn Bugs (but we like them)

The Heartbleed Bug

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication

Read more
