Software Security

Thomas Moore
August 13, 2020

“Easy Button Series (Part Two) – The Anatomy of Cyber-as-a Service: Analyzing Security Posture”

“Easy Button Series (Part Two) – The Anatomy of Cyber-as-a Service: Analyzing Security Posture” https://secureservercdn.net/192.169.223.13/184.13f.myftpupload.com/wp-content/uploads/2020/08/pexels-vitaly-vlasov-1342460-1-scaled.jpg?time=1637408881 2560 1707 Thomas Moore Thomas Moore https://secure.gravatar.com/avatar/004260259dca32c1e27e1924028decdb?s=96&d=mm&r=g August 13, 2020 November 19, 2020

by Thomas Moore In our last post, we broke down how Cyber-as-a-Service (CaaS) provides an “easy button” to jump-start a cybersecurity program. We established that leadership is the primary component…

MikhailSudakov
May 2, 2018

Dev Overflow – Part 9

Dev Overflow – Part 9 MikhailSudakov MikhailSudakov https://secure.gravatar.com/avatar/?s=96&d=mm&r=g May 2, 2018 March 12, 2019

By Mikhail Sudakov, Cyber Security Architect and Analyst, LEO Cyber Security. Back to Part 8 Example of XSS that would redirect a victim browsing a particular blog page to the given malicious site. Yep, it is still here, and here to stay! What are we talking about today? A7 - Cross-Site Scripting (XSS) "XSS flaws [...]read more

KevinLackey
May 2, 2018

Securing Automobile Control Systems Part 1

Securing Automobile Control Systems Part 1 https://secureservercdn.net/192.169.223.13/184.13f.myftpupload.com/wp-content/uploads/2019/03/qtq80-0eumFl.jpeg?time=1637408881 2051 1440 KevinLackey KevinLackey https://secure.gravatar.com/avatar/?s=96&d=mm&r=g May 2, 2018 March 12, 2019

By Kevin Lackey, OT, ICS & SCADA Cyber Security Principal Driving (pun intended) towards a Minimum Security Standard for automotive control systems is more important than ever, as these systems are quickly becoming fully independent from human control. Within 20 years of the advent of computer regulated electronic fuel injection, first mass produced and available to [...]read more

MikhailSudakov
April 4, 2018

Dev Overflow – Part 8

Dev Overflow – Part 8 https://secureservercdn.net/192.169.223.13/184.13f.myftpupload.com/wp-content/uploads/2019/03/security-lock.jpg?time=1637408881 840 630 MikhailSudakov MikhailSudakov https://secure.gravatar.com/avatar/?s=96&d=mm&r=g April 4, 2018 March 12, 2019

By Mikhail Sudakov, Cyber Security Architect and Analyst, LEO Cyber Security. Back to Part 7 This is yet another example of why (software) security cannot be just a checkbox. More generally being a way of thinking, here it specifically takes the form of an ongoing process - a process that should have only one possible [...]read more

MikhailSudakov
March 12, 2018

Dev Overflow – Part 7

Dev Overflow – Part 7 https://secureservercdn.net/192.169.223.13/184.13f.myftpupload.com/wp-content/uploads/2019/03/hacking-2077124_640-sm.jpg?time=1637408881 640 240 MikhailSudakov MikhailSudakov https://secure.gravatar.com/avatar/?s=96&d=mm&r=g March 12, 2018 March 12, 2019

By Mikhail Sudakov, Cyber Security Architect and Analyst, LEO Cyber Security. Back to Part 6 As previous posts demonstrate, (software) security is a state of mind and not a checkbox to be marked off to meet some criteria, and definitely not something to be added on top of a completed product. The issue of broken [...]read more

MikhailSudakov
February 26, 2018

Dev Overflow – Part 6

Dev Overflow – Part 6 https://secureservercdn.net/192.169.223.13/184.13f.myftpupload.com/wp-content/themes/movedo/images/empty/thumbnail.jpg 150 150 MikhailSudakov MikhailSudakov https://secure.gravatar.com/avatar/?s=96&d=mm&r=g February 26, 2018 March 12, 2019

By Mikhail Sudakov, Cyber Security Architect and Analyst, LEO Cyber Security. Back to Part 5 As the following meme suggests, if you fail to disallow arbitrary execution or even inclusion of untrusted instructions in your programs, you really are going to have a bad time that will likely cost you dearly at some point. A4 [...]read more

MikhailSudakov
February 8, 2018

Dev Overflow – Part 5

Dev Overflow – Part 5 https://secureservercdn.net/192.169.223.13/184.13f.myftpupload.com/wp-content/themes/movedo/images/empty/thumbnail.jpg 150 150 MikhailSudakov MikhailSudakov https://secure.gravatar.com/avatar/?s=96&d=mm&r=g February 8, 2018 March 12, 2019

By Mikhail Sudakov, Cyber Security Architect and Analyst, LEO Cyber Security. Back to Part 4 Is your application vulnerable to sensitive data exposure? To answer that question, we need to know if it is storing sensitive data. Naturally, we cannot answer the latter without knowing what those sensitive data are in a given context. A3 [...]read more

MikhailSudakov
January 29, 2018

Dev Overflow – Part 4

Dev Overflow – Part 4 https://secureservercdn.net/192.169.223.13/184.13f.myftpupload.com/wp-content/themes/movedo/images/empty/thumbnail.jpg 150 150 MikhailSudakov MikhailSudakov https://secure.gravatar.com/avatar/?s=96&d=mm&r=g January 29, 2018 March 12, 2019

By Mikhail Sudakov, Cyber Security Architect and Analyst, LEO Cyber Security. This post is a direct continuation of my previous post on broken authentication and session management, which was split into two parts. You might want to review Part 3 (Back to Part 3) before proceeding. A2 - Broken Authentication (Cont.) Source: an "Office Space" [...]read more

MikhailSudakov
January 15, 2018

Dev Overflow – Part 3

Dev Overflow – Part 3 https://secureservercdn.net/192.169.223.13/184.13f.myftpupload.com/wp-content/themes/movedo/images/empty/thumbnail.jpg 150 150 MikhailSudakov MikhailSudakov https://secure.gravatar.com/avatar/?s=96&d=mm&r=g January 15, 2018 March 12, 2019

By Mikhail Sudakov, Cyber Security Architect and Analyst, LEO Cyber Security. Back to Part 2 Restating the main point of this entire blog series, security is about a human's way of thinking and a human's frame of mind - not about steel doors, firewalls, intrusion prevention, or intrusion detection systems. Although those tools will certainly help detect and mitigate [...]read more

MikhailSudakov
January 2, 2018

Dev Overflow – Part 2

Dev Overflow – Part 2 https://secureservercdn.net/192.169.223.13/184.13f.myftpupload.com/wp-content/themes/movedo/images/empty/thumbnail.jpg 150 150 MikhailSudakov MikhailSudakov https://secure.gravatar.com/avatar/?s=96&d=mm&r=g January 2, 2018 March 12, 2019

By Mikhail Sudakov, Cyber Security Architect and Analyst, LEO Cyber Security. Back to Part 1 Like all areas of security, software security is a state of mind and a way of thinking. It should not be a goal to be achieved or a checkbox to be checked. Developers must weave it into their software from [...]read more

MikhailSudakov
December 6, 2017

Dev Overflow – Part 1

Dev Overflow – Part 1 https://secureservercdn.net/192.169.223.13/184.13f.myftpupload.com/wp-content/uploads/2019/03/security-265130_640.jpg?time=1637408881 640 426 MikhailSudakov MikhailSudakov https://secure.gravatar.com/avatar/?s=96&d=mm&r=g December 6, 2017 March 12, 2019

By Mikhail Sudakov, Cyber Security Architect and Analyst, LEO Cyber Security. Typical computer science graduates (our software engineers of tomorrow) may be fair logicians and problem solvers; alas, they have at best very little knowledge of software security. Unsafe computer instruction blunders are seen left and right unfortunately. Today's machines are as powerful as they are dumb. [...]read more