Category: Best Practices

KRACK: Emphasizing the Importance of Security Patching Policies


What is KRACK? Recently, researchers were able to create working proof-of-concept code allowing for exploitation of some of the strongest wireless security currently in existence. Previously thought to be only theoretical, the attack, code-named KRACK, exploits flaws in the WPA2 protocol’s cryptographic implementation. While the research notes that Android is the most vulnerable operating system, it

Secure Code Review: How Secure is Your Code?


How Secure Is Your Code? For many companies that develop software, throughput is always a critical metric. Directors, managers, and project leads constantly focus on the speed at which they are moving forward. Truth be told, they have to maintain this focus. If new code and applications are not being released on a regular basis,

Elastic Stack for Log and Data Analysis and Analytics


The Challenge: Many organizations strive to find affordable methods to manage, maintain, and audit their IT logs. From firewalls, to servers, to applications, and more, the variety of log sources and types is nearly endless. Equally endless are the

Is Your Electronic Customer Data Protected?


As more information continues to become available regarding the recent data breach of the hospital networks of the University of California, Los Angeles, one IT truth rings out loud and clear. Monitoring your network is simply not enough anymore; you must take active, meaningful strides to segment your network and encrypt your data. Ultimately, at

Penetration Testing in Support of PCI DSS 3.0


The Payment Card Industry (PCI) has recently released version 3 of the Data Security Standard (DSS), which is part of the compliance assessment for entities performing payment card processing, including merchants, processors, financial institutions, and service providers. Paragraph 11.3 of PCI DSS 3.0 requires the implementation of a penetration testing methodology, and greatly expands on