Your Guide to the HP Cyber Risk Report

posted on Mar 28, 2013 by Geoffrey Vaughan

This year at the RSA Conference HP officially released its annual Cyber Risk Report. This report is one among many industry reports that individuals and companies who are concerned about security should pay attention to. By paying attention to these trends your company will be better able to secure your IT assets and more effectively allocate IT…

The Operational Reality of Opt-In Security Controls

posted on Jul 11, 2012 by Paul O'Grady

TL;DR: We thought we found arbitrary command execution due to an absence of class whitelisting. We actually found several un-hardened Hudson deployments. Hudson/Jenkins CI instances are deployed insecurely by default, with opt-in hardening. The operational reality of opt-in hardening is that it doesn’t happen nearly as much as it should. In broad and liberally scoped…

Classifying applications

posted on Jul 8, 2012 by Krishna Raja

A good first step towards the implementation of a secure SDLC is to take stock of your existing applications. All applications within your organization carry with them a certain level of risk. This risk needs to be quantified in order to guide you towards making effective decisions about security tradeoffs. Classifying your applications from a…

Vuln Remediation Tips

posted on Jul 3, 2012 by Krishna Raja

Discovering vulnerabilities is often the main objective of security teams within large organizations. This is achieved through initiatives such as penetration testing and source code review. But as we know, this is only the first step towards a secure organization. All those vulns need to be addressed, and the remediation process can often become cumbersome,…

Down the Rabbithole Podcast

posted on Oct 12, 2011 by Rohit Sethi

I had the privilege of sitting down with Rafal Los & Glenn Leifheit at OWASP AppSecUSA 2011 in Minneapolis to talk about how we can embed security in QA. Raf was nice enough to record our conversation on his popular Podcast series, Down the Rabbithole. We are big fans of finding practical, repeatable ways to build…

Welcome To Seccom Labs

posted on Apr 20, 2009 by Nish Bhalla

Welcome to Seccom Labs, our site dedicated specifically to helping developers, architects, testers, and everyone else involved in the SDLC with security. This page will include tools, blog entries, articles, videos, whitepapers, and security scenarios. Some of you may be wondering why we’re releasing Seccom Labs when other great open resources like OWASP exist. To…