New Gartner Report Recommends a Vulnerability Management Process Based on Weaponization and Asset Value
Gartner's new report recommends factoring severity, asset value and active exploits into your vulnerability management process.
Why the Best Defense Is a Good Offensive Security Strategy
Offensive security activities like cyberattack simulations, penetration testing and vulnerability assessments can help companies identify and remediate flaws before cybercriminals can exploit them.
A Step-By-Step Guide to Vulnerability Assessment
Sometimes, security professionals don't know how to approach a vulnerability assessment, especially when it comes to dealing with results from its automated report. Here's how to get started.
Proactive or Reactive Endpoint Security? A Critical Crossroads for SOC Analysts
As the cybercrime landscape expands, SOC teams need endpoint security tools that can reduce the time it takes to gain actionable threat intelligence.
Determining the Scope of Your Security Testing
Organizations often struggle with defining the scope of their security testing, but this is a necessary step that impacts business goals.
When Characters Turn Bad: String Sanitation Bypass via Best-Fit Mappings
If you’re working on software that converts strings from one character set to another, such as when performing UNICODE to ANSI string conversions, you may have probably heard about best-fit mapping conversions.
Use-after-frees: That pointer may be pointing to something bad
If you look at the last few Internet Explorer security bulletins, you'll notice that many of the patched vulnerabilities were use-after-frees (or UAFs) . Use-after-free is still a common bug class because the task of manually identifying them,...
A Buffer Overflow and Two Sandbox Escapes
Hi Everyone, Mark Yason here from IBM X-Force. Last month, we saw the first in-the-wild exploit capable of escaping the Adobe Reader sandbox, a security feature added in Adobe Reader in 2010 to limit the impact of successful exploitation of...