• May 2, 2018

  Dev Overflow – Part 9

  By Mikhail Sudakov, Cyber Security Architect and Analyst, LEO Cyber Security. Back to Part 8 Yep, it is still here, and here to stay! What are we talking about today? A7 – Cross-Site Scripting (XSS) “XSS flaws occur whenever an application includes untrusted data in a new web page without proper validation or escaping, or … Continue reading Dev Overflow – Part 9 → READ MORE >

  • 0
  • read more
• May 2, 2018

  Securing Automobile Control Systems Part 1

  By Kevin Lackey, OT, ICS & SCADA Cyber Security Principal Driving (pun intended) towards a Minimum Security Standard for automotive control systems is more important than ever, as these systems are quickly becoming fully independent from human control. Within 20 years of the advent of computer regulated electronic fuel injection, first mass produced and available to … Continue reading Securing Automobile Control Systems Part 1 → READ MORE >

  • 0
  • read more
• April 4, 2018

  Dev Overflow – Part 8

  By Mikhail Sudakov, Cyber Security Architect and Analyst, LEO Cyber Security. Back to Part 7 This is yet another example of why (software) security cannot be just a checkbox. More generally being a way of thinking, here it specifically takes the form of an ongoing process – a process that should have only one possible … Continue reading Dev Overflow – Part 8 → READ MORE >

  • 1
  • read more
• March 12, 2018

  Dev Overflow – Part 7

  By Mikhail Sudakov, Cyber Security Architect and Analyst, LEO Cyber Security. Back to Part 6 As previous posts demonstrate, (software) security is a state of mind and not a checkbox to be marked off to meet some criteria, and definitely not something to be added on top of a completed product. The issue of broken … Continue reading Dev Overflow – Part 7 → READ MORE >

  • 1
  • read more
• February 26, 2018

  Dev Overflow – Part 6

  By Mikhail Sudakov, Cyber Security Architect and Analyst, LEO Cyber Security. Back to Part 5 As the following meme suggests, if you fail to disallow arbitrary execution or even inclusion of untrusted instructions in your programs, you really are going to have a bad time that will likely cost you dearly at some point. A4 … Continue reading Dev Overflow – Part 6 → READ MORE >

  • 0
  • read more
• February 8, 2018

  Dev Overflow – Part 5

  By Mikhail Sudakov, Cyber Security Architect and Analyst, LEO Cyber Security. Back to Part 4 Is your application vulnerable to sensitive data exposure? To answer that question, we need to know if it is storing sensitive data. Naturally, we cannot answer the latter without knowing what those sensitive data are in a given context. A3 … Continue reading Dev Overflow – Part 5 → READ MORE >

  • 0
  • read more
• January 29, 2018

  Dev Overflow – Part 4

  By Mikhail Sudakov, Cyber Security Architect and Analyst, LEO Cyber Security. This post is a direct continuation of my previous post on broken authentication and session management, which was split into two parts. You might want to review Part 3 (Back to Part 3) before proceeding. A2 – Broken Authentication (Cont.) Authentication (Cont.) To recap … Continue reading Dev Overflow – Part 4 → READ MORE >

  • 0
  • read more
• January 15, 2018

  Dev Overflow – Part 3

  By Mikhail Sudakov, Cyber Security Architect and Analyst, LEO Cyber Security. Back to Part 2 Restating the main point of this entire blog series, security is about a human’s way of thinking and a human’s frame of mind – not about steel doors, firewalls, intrusion prevention, or intrusion detection systems. Although those tools will certainly help detect and mitigate … Continue reading Dev Overflow – Part 3 → READ MORE >

  • 0
  • read more
• January 10, 2018

  Security Beyond the Perimeter

  By Andrew Hay, Co-Founder and CTO, LEO Cyber Security Whether we like it or not, the way we architect, utilize, and secure the networks and systems under our control has changed. When servers were safely tucked away behind corporate firewalls and perimeter-deployed intrusion prevention controls, organizations became complacent and dependent on their host security. Unfortunately, … Continue reading Security Beyond the Perimeter → READ MORE >

  • 0
  • read more
• January 2, 2018

  Dev Overflow – Part 2

  By Mikhail Sudakov, Cyber Security Architect and Analyst, LEO Cyber Security. Back to Part 1 Like all areas of security, software security is a state of mind and a way of thinking. It should not be a goal to be achieved or a checkbox to be checked. Developers must weave it into their software from … Continue reading Dev Overflow – Part 2 → READ MORE >

  • 0
  • read more