What’s in a Name? – Why Gartner Picking “Application Vulnerability Correlation” is an Important Step for the Application Security Market
If you haven’t seen it yet, Gartner just published its “Hype Cycle for Application Security, 2016” written by Gartner Analyst Ayal Tirosh with support from colleague Lawrence Pingree (Gartner clients…
Baselining PassGAN: Adventures in the rhubarb
Cracking is a complex topic full of misunderstandings, confusing terminology and weird people. This blog post is front-loaded with some terminology, some explanations, and maybe some apologies. Password cracking: This…
IoT Part 3: Fire!
When we left off in Part 2 of our blog series, we had just identified the max temperature variable and set it to a much higher number. Our celebrations quickly…
Coalfire statement on racial injustice
In honor of Juneteenth, I wanted to reflect and share my thoughts. At Coalfire, we are committed to living our values: Respect, Excellence, Leadership, Integrity, Teamwork, and Enthusiasm. As a…
A strategy for cybersecurity strategy
Let’s start with an assumption: Having a cybersecurity strategy is best practice. So, what makes a good cybersecurity strategy? You’d be surprised how this answer varies across the security industry,…
New HC3 report defines security assessments needed for healthcare organizations during and after COVID-19
The Health Sector Cybersecurity Coordination Center (HC3) recently delivered a report that defines and articulates the security assessments and information technology audits that should be considered during and after the…
Using DAST to Expand DevOps Security Coverage
The state of application security is constantly evolving with changing web architectures and approaches. These changes are making security teams employ a wider range of techniques and toolsets to find…
Headless, Unattended Scanning in Burp Suite Professional 2.0 with Seltzer
Burp Suite Professional (Burp) is one of the best tools available for penetration testers. It is feature-rich, intuitive, well-supported, and customizable. However, it can be difficult to use Burp for…
A new way to manage supply chain risk – Introducing the AICPA SOC for Supply Chain report
With the continuation of its System and Organization Controls (SOC) suite of services (SOC 2®, SOC for Cybersecurity, etc.), the American Institute of Certified Public Accountants (AICPA) has released a…
Planning Ahead to Prevent Vulnerabilities
The cost to remediate vulnerabilities increases as those vulnerabilities make it further into the development process. If they make it into a final release, those vulnerabilities can leave organizations vulnerable…