As a Security Consultant for NTT Security (US), Inc. Professional Security Services, I have the privilege of witnessing many application security programs. I see programs that work great, are healthy, and handle risk management very well. Then there are programs that have either missed the mark completely, or are healthy but have some maturing to do.
In this blog I’ll be focusing on organizations or development teams that use a more traditional “waterfall” style approach to application development. I’ll attempt to identify traits of a healthy application security program in order to provide ideas for programs that could use some maturing. If your organization uses a more modern “agile,” “iterative,” or “kanban” style of development we will address those specific challenges in Part 2 of the series.
I’m sure many of us have heard that successful... read more >
Building a PCAP Record Extractor Using Python
About three years ago I wrote an article about building your own packet analyzer in Python. Today we are going to continue down a very similar but different path, this time building a tool that provides another service.
Occasionally, I find myself needing to extract an entire packet from a packet capture (PCAP). The reasoning varies between testing a custom decoder or parser I have written, or including the data in a report, or sometimes just wanting to visualize or structure the data in another way. Packet extraction can be done using Tshark extracting field by field, then reassembling the individual components. The process can be tedious, and probably has a higher error and frustration rate. So whatever can we do; who or what will save the day? Dun dun dun, Python sweeps in over the horizon, wind blowing in its hair, Michael Bolton theme song blasting in the background, swoops to the rescue (dramatic pause), fade to... read more >
Preventing Incident Response Frustration #WarStoryWednesday
Ever try to chop down a tree with a fork? Any type of skilled labor requires the use of proper tools, and incident response is no different. In my experience as an incident responder, many organizations often lack both the proper incident response tools and staff trained to use those tools. In this war story, we take a look at what that can mean for rapid response and remediation.Incident Response War Story
In a recent incident response engagement, a victim of a data breach contacted us regarding the loss of credit card data. This company had received a notification from a Federal law enforcement agency, which, during an investigation, had observed the organization’s IP addresses in relation to stolen credit card data. Further investigations showed that the stolen credit card data had been taken from the organization’s network. The notification had little for the organization to go on, which is typical in this type of situation. Yet,... read more >
I am extremely excited to let you know that NTT Group has unified the NTT security businesses to form NTT Security Corporation, a specialized security company to deliver Managed Security Services (MSS) and security expertise through the NTT operating companies worldwide. NTT Security will combine Solutionary with NTT Coms Security and the managed security services platforms of both Dimension Data and NTT Communications, all of which will be integrated with the security platform of NTT Group’s R&D arm, NTT Innovation Institute. As a result of the merger, the Solutionary company name will change after August 1 to NTT Security (US) Inc. This name change will allow us to present ourselves as a fully-fledged subsidiary of the NTT Group.
The rationale for this merger is quite simple: together we have an improved ability to deliver what our clients and the security industry have long been asking for – an integrated approach to cutting-edge security solutions... read more >
Order of operations
Sometimes, a little old school math can help restore order when it comes to fine tuning your environment. Let me explain.Definitions:
Software: Specific, as in OpenSSH
Software version: More specific, as in OpenSSH 6.2
Signature: A known pattern that we are looking for. Typically this affects specific software.
Traffic: For our examples, it will be traffic that either matches a pattern or does not.
Event: An alert that says "Look at me!... read more >
Shrinking variety of attacks, inside Business Email Compromises, update on ransomware, perspective on China’s new Five Year Plan, and highlights from PCI DSS 3.2.
Solutionary observed a flattening of attack types during Q2 ’16. In recent quarters, web applications made up as much as 42 percent of observed attacks. In Q2 ’16, web application attacks made up 24 percent of such attacks. The top three attack types – web-application... read more >
Learning from a Mentor
In information security, there are so many career niches, so many new information security topics and technologies and so many evolving cyberattacks and breaches. To keep up with the rapidly changing information security field, you can never stop learning. One fantastic method to become more educated is to find a mentor.How do you find a good mentor?
A good mentor is someone who has patience and is able to explain complex topics in a multitude of different ways to ensure everyone is able to understand. One of the best places to look for a mentor is at your current place of employment. Many people have senior individuals where they are employed that have been in the field for years and can explain highly complex topics. If there is a senior person where you work, try asking them if you can shadow them when they perform specific tasks that you want to learn more about. You can also ask if they can set aside time on a weekly or monthly... read more >