FFIEC and DDoS Testing

posted on Aug 24, 2015 by sahba

DDoS has now secured itself a top 5 spot on most financial institutions’ list of security risks. With a few exceptions out there, the question is no longer whether you have DDoS mitigation in place, but rather how mature your DDoS defense strategy needs to be. The FFIEC recently released a Cybersecurity Assessment Tool to help financial…

DDoS – An Attacker’s Perspective

posted on Aug 10, 2015 by Yousif Hussain

As you know, the evolution of Distributed Denial-of-Service (DDoS) attacks has many organizations scrambling to defend themselves. Even with defenses in place, a site is never truly protected until the defense is tested. Our team has been busy as of late, ensuring mitigation solutions are living up to their claims and ensuring the quality of…

Women In Tech: Opheliar Chan

posted on Jul 29, 2015 by Yousif Hussain

This blog series has allowed us to get to know multiple women in the Security and Technology industry. It is interesting to see the varying paths they took to get to Security Compass. Their passion for technology is what led them to where they are today, and will fuel them to continue to make a…

Security Compass Internal CTF Write-Up

posted on Jul 6, 2015 by Geoff Heymann

A link to the CTF discussed below. Introduction: I thoroughly enjoyed the CTF organized by Stephen Hall for a recent Learning & Growth session at Security Compass. I was in awe of how some of my co-workers solved the challenges, and wanted to understand their mindset. So, I looked at one of the challenges no…

Understanding Strengths and Limitations of Static Analysis Security Testing (SAST)

posted on Jun 1, 2015 by Rohit Sethi

Many organizations invest in Static Analysis Security Testing (SAST) solutions like HP Fortify, IBM AppScan Source, Checkmarx or Coverity to improve application security. Properly used, SAST solutions can be extremely powerful: they can detect vulnerabilities in source code during the development process rather than after it, thereby greatly reducing the cost of fixing security…

Improving Your Password Habits With Passphrases

posted on May 29, 2015 by Chris Bonk

Preceding my work at Security Compass, the pursuit of my Master’s of Computer Science led me to conduct research on user authentication, passwords and, more specifically, the study of human selection of long text-based passphrases. The research was done under the supervision of Dr. Julie Thorpe at the University of Ontario Institute of Technology (UOIT)…

Dynamic DDoS Defense

posted on May 19, 2015 by Michael Bennett

[Figure 1: SDN blocking a malicious attack]

Intro: Let’s face it, DDoS attacks are growing both in size and complexity. Botnets used to launch DDoS attacks can contain anywhere from hundreds of thousands to millions of bots, and as long as malware is prevalent across the Internet those numbers will continue to grow. Not to…

Breaking into the Industry: Information Security

posted on May 11, 2015 by Pratik Amin

Information Security is hiring. It’s not only major security companies looking for talented and experienced people; large organizations are starting to build out their own internal security teams. This is causing a major talent gap in the industry: everybody is competing for the same small group of people, and the demand is much higher…

Making Smart Locks Smarter

posted on May 5, 2015 by stephen

Introduction: During a recent Security Compass ‘Hack Week’ we decided to take a look at smart locks in an attempt to assess the current state of Smart Lock Security. For our project we decided to take a look at the August Smart Lock. The August Smart Lock is an electronic locking mechanism that can be…

Reblog: (ISC)2 CSSLP and Security Compass Training

posted on May 5, 2015 by Isabel Choi

Source: Simoneonsecurity. Author: Simone Curzi – The author of this blog, Simone Curzi, has been a Senior Consultant and Delivery Architect in Microsoft Consulting Services (MCS) Italy for more than 6 years and has spent a total of 15 years as a Consultant in MCS. Now he is a Senior Premier Field Engineer, specifically on Security topics…