23 posts from July 2012

July 31, 2012

At Black Hat, former FBI agent Shawn Henry spoke on a new security paradigm which was based on the idea that "It is not enough to watch the perimeter." Almost exactly a year ago, we...

July 26, 2012

Yesterday at Black Hat Ivan Ristic gave a talk on WAF evasion. Ivan began his talk by correctly noting that WAFs are an essential part of an appsec strategy. With the growth apps and their...

Today, we conclude our blog series on SharePoint security, where each day we took a closer look at the five lines of defense you need to secure your SharePoint environment from both internal and external...

July 24, 2012

“SharePoint 2010 deployments grew 5x in the past six months.” -Global 360 2011 SharePoint Security Gap: SharePoint enforces access controls for files using Access Control Lists (ACLs). What makes native permissions challenging, however, is that...

Great blog on how hackers are emulating Google when they hit your site.

July 23, 2012

Forbes is reporting that gaming website Gamigo was breached. The article notes: When this breach originally happened, the data wasn’t released, so it wasn’t a big concern. Now eight million email addresses and passwords have...

“31% of organizations are using SharePoint for externally facing Web sites, and another 47% are planning to do so.” -Forrester Research, Inc. 2011 SharePoint Security Gap: Native SharePoint does not include Web application firewall protection....

Here we have a good lesson in file security from Las Vegas' Palms casino: The IT department reported that on April 14, Hemingway had emailed from her Palms email address to a personal email address...

July 20, 2012

"96% of breaches were avoidable through simple or intermediate controls." - Verizon Data Breach Report 2011 SharePoint Security Gap: Native SharePoint activity auditing does not provide the ability to automatically analyze access activity and respond...

It's that time of year again: 10. How about we go home and validate my input? 9. Your pen testing lab, or mine? 8. Your mouth says, ‘Spam’, but your eyes say, ‘Breach me.’ 7....