DevOps Security Best Practices

Continuous Integration: Building security into continuous integration starts with writing security-specific unit tests for critical sections of code such as authentication, password management, validation routines and access control. Execute fast, accurate static and dynamic analysis scans for dangerous functions, OWASP Top 10 issues and vulnerable dependencies. Failed tests and high-risk vulnerabilities found in these…
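
As an added example (not code from the original post or from any particular scanner), the following gate script shows how a CI job can fail the build on high-risk findings from the scans described above. The report layout (`findings` with an `id`, `severity` and `title`, plus a time-boxed `accepted_risks` list) is an assumption of this example, as is the `SAMPLE_REPORT` content, which is constructed to exercise the cases that matter: a finding above threshold, a dependency finding that is accepted until an expiry date, and a severity the gate does not recognise.

```python
import json
import sys
from datetime import date

# Severity ladder used to decide what blocks the build (assumed ordering).
SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


def is_accepted(finding, accepted, today):
    """True only if an accepted-risk entry matches this finding's id and has not expired.

    `accepted` is a hypothetical list of {"id": ..., "expires": "YYYY-MM-DD"} records;
    the schema is an assumption of this example, not a real scanner's output format.
    """
    for entry in accepted:
        if entry.get("id") == finding.get("id") and today <= date.fromisoformat(entry["expires"]):
            return True
    return False


def blocking_findings(report_json, fail_at="HIGH", today=None):
    """Return the findings that must fail the build.

    Blocks on severity >= fail_at and on any finding whose severity the ladder does not
    know (a scanner format change must not silently turn into a pass). Findings covered
    by a still-valid accepted-risk entry are skipped. `today` is an ISO date string so the
    expiry logic is testable; it defaults to the current date.
    """
    report = json.loads(report_json)
    today = date.fromisoformat(today) if today else date.today()
    threshold = SEVERITY_RANK[fail_at.upper()]
    accepted = report.get("accepted_risks", [])
    blocking = []
    for f in report.get("findings", []):
        rank = SEVERITY_RANK.get(str(f.get("severity", "")).upper())
        if rank is None:
            blocking.append(dict(f, reason="unknown severity"))
        elif rank >= threshold and not is_accepted(f, accepted, today):
            blocking.append(dict(f, reason=f"severity {f['severity']} >= {fail_at}"))
    return blocking


def gate(report_json, fail_at="HIGH", today=None):
    """CI entry point: prints each blocking finding and returns the exit code (0 pass, 1 fail)."""
    blocking = blocking_findings(report_json, fail_at, today)
    for f in blocking:
        print(f"BLOCKING {f['id']} [{f.get('severity')}] {f.get('title')} ({f['reason']})")
    return 1 if blocking else 0


# Constructed sample report merging SAST, dependency-scan and unit-test results.
SAMPLE_REPORT = json.dumps({
    "findings": [
        {"id": "SAST-001", "severity": "HIGH", "title": "strcpy() into fixed buffer in auth.c"},
        {"id": "DEP-004", "severity": "CRITICAL", "title": "vulnerable dependency: libexample 1.0"},
        {"id": "DEP-009", "severity": "HIGH", "title": "vulnerable dependency: otherlib 2.1"},
        {"id": "DEP-012", "severity": "moderate", "title": "dependency advisory with unmapped severity"},
        {"id": "SAST-017", "severity": "LOW", "title": "verbose error message"},
        {"id": "TEST-003", "severity": "HIGH", "title": "password reset unit test failed"},
    ],
    "accepted_risks": [
        {"id": "DEP-009", "expires": "2099-01-01"},  # hypothetical accepted risk, still valid
    ],
})

if __name__ == "__main__":
    # With the sample report the job fails: four findings block, DEP-009 is suppressed.
    sys.exit(gate(SAMPLE_REPORT, today="2024-01-01"))
```

Unknown severities are treated as blocking on purpose: the cheap failure mode of a gate is a scanner that changes its vocabulary and a pipeline that keeps going green.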

How to pick the right security testing partner?

Checklist to pick a qualified security partner. Is your security partner recognized by any government bodies? Does it have specialized/certified staff to perform security assessment services? Companies that specialize in security services often outsource penetration tests. Always verify that the pentester is their own employee and not a contractor. Do you know if they have …

Web application security testing. What should go into website testing?

What Should Go Into A Web Application Security Testing Checklist? Contact form testing, proxy server(s) testing, spam email filter testing, network firewall testing, security vulnerability testing, credential encryption testing, cookie testing, testing for open ports, application login page testing, error message testing, HTTP method(s) testing, username and password testing, file scanning, SQL injection testing…
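
Three of the checklist items above (cookie testing, HTTP method testing and error message testing) can be checked mechanically from a captured response. The script below is an added example, not code from the original post; it parses a raw HTTP/1.1 response and reports cookies missing Secure/HttpOnly/SameSite, risky verbs advertised in the Allow header, and version banners or stack traces leaking to the client. `SAMPLE_RESPONSE` is constructed for the example (the server name and versions in it are made up); in a real test the Allow header would come from an OPTIONS request.

```python
RISKY_METHODS = {"TRACE", "TRACK", "PUT", "DELETE", "CONNECT"}
STACK_TRACE_MARKERS = ("Traceback (most recent call last)", "Exception in thread",
                       "at java.", "Stack trace:")


def parse_response(raw):
    """Split a raw HTTP/1.1 response into (status line, [(header, value)...], body).

    Headers are kept as an ordered list rather than a dict because Set-Cookie may repeat.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, body.decode("latin-1", "replace")


def check_cookies(headers):
    """Cookie testing: every Set-Cookie should carry Secure, HttpOnly and SameSite."""
    issues = []
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower(): p.partition("=")[2] for p in parts[1:]}
        for required in ("secure", "httponly", "samesite"):
            if required not in attrs:
                issues.append((cookie, f"missing {required}"))
        # Browsers reject SameSite=None without Secure; flag it explicitly.
        if attrs.get("samesite", "").lower() == "none" and "secure" not in attrs:
            issues.append((cookie, "SameSite=None requires Secure"))
    return issues


def check_methods(headers):
    """HTTP method testing: risky verbs the server advertises in its Allow header."""
    allowed = set()
    for name, value in headers:
        if name == "allow":
            allowed.update(m.strip().upper() for m in value.split(","))
    return sorted(allowed & RISKY_METHODS)


def check_error_disclosure(status, headers, body):
    """Error message testing: version banners and stack traces returned to the client."""
    issues = []
    for name, value in headers:
        if name in ("server", "x-powered-by") and any(ch.isdigit() for ch in value):
            issues.append(f"{name} header discloses a version: {value}")
    status_code = status.split()[1]
    if status_code.startswith("5") and any(m in body for m in STACK_TRACE_MARKERS):
        issues.append("5xx response body contains a stack trace")
    return issues


def audit(raw):
    """Run all three checks over one captured response."""
    status, headers, body = parse_response(raw)
    return {
        "cookies": check_cookies(headers),
        "methods": check_methods(headers),
        "errors": check_error_disclosure(status, headers, body),
    }


# Constructed sample: an error page with one weak cookie, one hardened cookie,
# a risky Allow header and a leaked traceback.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 500 Internal Server Error\r\n"
    b"Server: ExampleHTTPD/1.2.3\r\n"
    b"Allow: GET, POST, TRACE, PUT\r\n"
    b"Set-Cookie: session=abc123; Path=/\r\n"
    b"Set-Cookie: csrf=xyz; Path=/; Secure; HttpOnly; SameSite=Strict\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b'<pre>Traceback (most recent call last):\n  File "app.py", line 42</pre>'
)

if __name__ == "__main__":
    for section, found in audit(SAMPLE_RESPONSE).items():
        print(section, found)
```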

Source Code Review – What do SAST, DAST, IAST and RASP mean to developers?

Source Code Review – Static, Dynamic, Interactive and Runtime Analysis Techniques: taint analysis, memory debugging, sources and sinks, parser differential analysis, vulnerabilities in linked libraries, imports and source objects, and more. Web, application, mobile, firmware – any platform. Java, C/C++, .NET 4.x, PHP, Lua and more. It's estimated that 90 percent of security incidents result from attackers…
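
Taint analysis with sources and sinks is the technique most worth seeing in code. The analyzer below is an added example written for this page, not the post author's tool: it walks a Python module's AST, marks variables assigned from a source (`input`, `sys.argv`, `request.args.get`) as tainted, propagates taint through concatenation, f-strings and method calls, clears it through a sanitizer (`shlex.quote`, `int`), and reports every sink call (`os.system`, `cursor.execute`, ...) that receives tainted data. The three name sets and the `SAMPLE` module are constructed assumptions; the analysis is intra-procedural and flow-sensitive only in the simplest sense (it follows assignment order, not branches).

```python
import ast

# The analyst's model: where untrusted data enters, where it must not reach,
# and which calls neutralise it. All three sets are assumptions of this example.
SOURCES = {"input", "sys.argv", "request.args.get", "request.form.get"}
SINKS = {"os.system", "subprocess.call", "subprocess.Popen", "eval", "exec", "cursor.execute"}
SANITIZERS = {"shlex.quote", "int", "float"}


def dotted(node):
    """Render a call target such as `subprocess.call` as a dotted string, or None."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = dotted(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


class TaintAnalyzer(ast.NodeVisitor):
    """Tracks which variables hold attacker-controlled data as assignments are visited."""

    def __init__(self):
        self.tainted = set()   # variable names currently tainted
        self.findings = []     # (sink name, line number) where tainted data reaches a sink

    def is_tainted(self, node):
        if isinstance(node, ast.Name):
            return node.id in self.tainted
        if isinstance(node, ast.Attribute):
            return dotted(node) in SOURCES or self.is_tainted(node.value)
        if isinstance(node, ast.Call):
            name = dotted(node.func)
            if name in SANITIZERS:
                return False            # sanitizer output is considered clean
            if name in SOURCES:
                return True
            # Methods on tainted values (host.strip()) and wrappers of tainted args propagate.
            receiver = node.func.value if isinstance(node.func, ast.Attribute) else None
            return (any(self.is_tainted(a) for a in node.args)
                    or any(self.is_tainted(k.value) for k in node.keywords)
                    or (receiver is not None and self.is_tainted(receiver)))
        if isinstance(node, ast.BinOp):
            return self.is_tainted(node.left) or self.is_tainted(node.right)
        if isinstance(node, ast.JoinedStr):   # f-strings
            return any(self.is_tainted(v.value) for v in node.values
                       if isinstance(v, ast.FormattedValue))
        if isinstance(node, (ast.List, ast.Tuple)):
            return any(self.is_tainted(e) for e in node.elts)
        if isinstance(node, ast.Subscript):
            return self.is_tainted(node.value)
        return False

    def visit_Assign(self, node):
        targets = [t.id for t in node.targets if isinstance(t, ast.Name)]
        if self.is_tainted(node.value):
            self.tainted.update(targets)
        else:
            self.tainted.difference_update(targets)   # overwritten with clean data
        self.generic_visit(node)

    def visit_Call(self, node):
        name = dotted(node.func)
        if name in SINKS and (any(self.is_tainted(a) for a in node.args)
                              or any(self.is_tainted(k.value) for k in node.keywords)):
            self.findings.append((name, node.lineno))
        self.generic_visit(node)


def find_taint_flows(source_code):
    """Return [(sink, line), ...] for every tainted source-to-sink flow in the module."""
    analyzer = TaintAnalyzer()
    analyzer.visit(ast.parse(source_code))
    return analyzer.findings


# Constructed sample module: lines 3 and 9 are real flows, lines 5 and 7 are sanitized.
SAMPLE = '''\
import os, shlex, subprocess
host = input("host: ")
os.system("ping -c 1 " + host)
safe = shlex.quote(host)
os.system("ping -c 1 " + safe)
count = int(input("count: "))
subprocess.call(["ping", "-c", str(count)])
query = f"SELECT * FROM users WHERE name = '{host}'"
cursor.execute(query)
'''

if __name__ == "__main__":
    for sink, line in find_taint_flows(SAMPLE):
        print(f"line {line}: tainted data reaches {sink}")
```

Treating `int()` as a sanitizer is sound for the command-injection sink but says nothing about logic bugs; real SAST engines scope sanitizers per sink class, which is exactly the kind of rule tuning that separates a noisy scan from an accurate one.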

IoT Ethical Hacking – IoT Device Security Testing

IoT Device Security Testing (without source code): perform a security assessment of the device's physical interfaces to identify threats such as privilege escalation, device exploitation and exposed encryption keys, and prioritize the risk at device level to provide actionable mitigation steps. Need to know/analyze: embedded device software, base64 decoding, binary analysis and…
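
One concrete piece of the binary analysis and base64 decoding mentioned above is a first pass over a firmware image for embedded key material and credentials. The script below is an added example, not code from the original post: it extracts printable strings the way `strings` does, tries base64 decoding on tokens that look like it, and reports PEM private-key markers, `password=` style literals and base64-wrapped `user:password` pairs with their offsets in the image. `SAMPLE_IMAGE` is a constructed byte string standing in for a firmware dump; the marker list and thresholds are assumptions of this example.

```python
import base64
import re

MIN_STRING_LEN = 8
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_STRING_LEN)
BASE64_TOKEN = re.compile(rb"^[A-Za-z0-9+/]{16,}={0,2}$")
CREDENTIAL = re.compile(rb"^[A-Za-z0-9_.-]+:[^\s:]{6,}$")     # user:password shape
# Cleartext markers, matched case-insensitively (assumed list for this example).
CLEARTEXT_MARKERS = (
    (b"private key-----", "pem-private-key"),
    (b"password=", "hardcoded-credential"),
    (b"passwd=", "hardcoded-credential"),
)


def printable_strings(blob):
    """Equivalent of `strings`: (offset, bytes) for every printable run >= MIN_STRING_LEN."""
    return [(m.start(), m.group()) for m in PRINTABLE_RUN.finditer(blob)]


def decode_if_base64(token):
    """Return decoded bytes if `token` is valid base64 that decodes to text, else None."""
    if not BASE64_TOKEN.match(token) or len(token) % 4:
        return None
    try:
        decoded = base64.b64decode(token, validate=True)
    except ValueError:
        return None
    if decoded and all(0x20 <= b < 0x7f or b in b"\r\n\t" for b in decoded):
        return decoded
    return None


def classify(s):
    """Return (kind, evidence) for a suspicious string, or None."""
    lowered = s.lower()
    for marker, kind in CLEARTEXT_MARKERS:
        if marker in lowered:
            return kind, s
    decoded = decode_if_base64(s)
    if decoded is not None:
        if CREDENTIAL.match(decoded):
            return "base64-credential", decoded
        if b"private key-----" in decoded.lower():
            return "base64-private-key", decoded
    return None


def scan_firmware(blob):
    """Return (kind, offset, evidence) for every suspicious string, in image order."""
    findings = []
    for offset, s in printable_strings(blob):
        result = classify(s)
        if result:
            kind, evidence = result
            findings.append((kind, offset, evidence))
    return findings


# Constructed stand-in for a firmware dump: a fake ELF header, a harmless path,
# a cleartext credential, a base64-wrapped credential and a PEM key header.
SAMPLE_IMAGE = (
    b"\x7fELF\x01\x01\x01" + b"\x00" * 9
    + b"/bin/busybox\x00"
    + b"\xde\xad\xbe\xef" * 4
    + b"password=admin123\x00"
    + base64.b64encode(b"root:Sup3rS3cret!") + b"\x00"
    + b"-----BEGIN RSA PRIVATE KEY-----\x00"
    + b"\x00\xff" * 32
)

if __name__ == "__main__":
    for kind, offset, evidence in scan_firmware(SAMPLE_IMAGE):
        print(f"0x{offset:08x} {kind}: {evidence!r}")
```

Compressed or encrypted filesystem sections will yield nothing here; the string pass belongs after unpacking, and a key that is found this way should be treated as a device-level finding since it is shared by every unit shipped with that image.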

15 Automotive IoT Attack Surfaces to Watch Out For!

Cars are likely the most complex connected devices we see. The attack surface is immense – the Internet, mobile, Bluetooth, custom RF protocols, DAB, media files imported over USB, remote diagnostics, telematics, mobile apps… the list goes on (video playlist: https://www.youtube.com/embed?listType=playlist&list=PLCwnLq3tOElrdkQy_daR4wr9lJCt8c_C6&v=y4R3RizWN_8). What are the most common issues in these areas? Use of plaintext communications, allowing traffic…