Network Vulnerability Scanning Doesn’t Protect You

Vulnerability scanning can have a detrimental impact on the security posture of your IT infrastructure if used improperly. This negative impact stems from a perception problem driven by the vendors who sell vulnerability scanning services or the vulnerability scanners themselves. The hard facts prove that vulnerability scanners cannot protect…

Finding The Quality Security Vendor (Penetration Testing, Vulnerability Assessments, Web Application Security, etc)

While I’ve written several detailed white papers on the subject of identifying quality security vendors, I still feel compelled to write more about the subject. It is my opinion that choosing the right security vendor is critical to the health and safety of a business. Choosing the wrong vendor can leave you with a false sense of…

ROI of good security.

The cost of good security is a fraction of the cost of damages that usually result from a single successful compromise. When you choose the inexpensive security vendor, you are getting what you pay for. If you are looking for a check in the box instead of good security services, then maybe you should re-evaluate…

Raising Infrastructural Awareness in 2008

Before 2008, nobody had done any high-visibility vulnerability research and exploit development against critical systems used to maintain our critical infrastructure. In early to mid-2008, that all changed. Initially, Core Security released a security vulnerability for Citect SCADA. That security vulnerability got media attention because it was one that could be used to…