https://blog.inspectiv.com/owasp/ By Team, Inspectiv The Open Web Application Security Project (OWASP) was founded to ‘improve the security of software.’ They have existed for nearly 20 years and now have ‘hundreds of chapters and tens of thousands of members worldwide.’ The resource library they have created to assist developers, technologists, and their companies is incredible. The knowledge […]
https://www.inspectiv.com/articles/sso-saml-vulnerabilities-token-attacks By Team, Inspectiv The Solution We Turn To That Bad Actors Abuse Security Assertion Markup Language (SAML) has been around for many years and is commonly used for federated Single Sign-On (SSO). Bad actors have been abusing the trust that we place in these systems for some time. The National Security Agency (NSA) released […]
The Federal Bureau of Investigation (FBI) announced in 2019 that business email compromise (BEC) had cost businesses internationally between June 2016 and July 2019 over $26 billion. BEC is an attack that convinces someone to transfer funds to a bad actor by pretending to be the chief executive officer (CEO) or chief financial officer (CFO). […]
https://www.inspectiv.com/articles/broken-authentication-and-idor-a-big-but-solvable-problem By Team, Inspectiv One of the biggest problems we have in information security today is Broken Authentication and IDOR. The 2021 Verizon Data Breach Investigation Report (DBIR) shows that bad actors use stolen credentials a large percentage of the time. As a result, we have a massive problem with broken access control in our […]
You may already know that on December 18th, 2017 (ISC)2 moved English language CISSP exams to Computer Adaptive Testing (CAT). The question posed by many is “What does this mean to me?” Let’s take a look at that and other related questions. Will the changes mean that it is more difficult to pass the exam? […]
The Global Information Security Workforce Study (GISWS) is a joint effort conducted biannually by the Center for Cyber Safety and Education and (ISC)2. The 2017 study indicates there will be a “cybersecurity workforce gap of 1.8 million by 2022”. (https://iamcybersafe.org/gisws/) The study further reveals that the number one reason for this shortage is due to […]
Is cloud security possible? In a word, yes, although it will take a little longer to explain. Possibly a lot longer for everyone involved in acquiring and configuring cloud to get it right. The Problem When we move to cloud services it is possible to secure that environment as well as we secure our business’s […]
Much of the confusion on the topic of Link vs. End-to-End encryption is due to conflicting terminology used to say the same thing. Let me try to help… Data can be encrypted in either of two fashions – with or without the IP header (routing information) encrypted. Either way the DATA is protected for confidentiality purposes. […]
I am so excited to announce that we have published our CISM prep guide on Amazon. It is available in Kindle or Print versions worldwide.