I. Introduction: Importance of staying updated with frameworks like MITRE ATT&CK In the realm of offensive security, staying updated with frameworks like MITRE ATT&CK is pivotal. It provides a structured understanding of adversary behaviors, which is crucial for red teamers to emulate realistic threat scenarios effectively. Each update, such as the recent v14, brings forth… Continue reading MITRE ATT&CK version 14
Category: Framework
Google Announcing GUAC, a great pairing with SLSA (and SBOM)!
The industry is collectively aware of the importance of supply chain security. Recent events include a sharp increase in software supply chain attacks, a catastrophic severity and breadth Log4j vulnerability, and even an Executive Order on Cybersecurity.In light of this, Google is looking for contributors to the GUAC open source project (pronounced like the dip).… Continue reading Google Announcing GUAC, a great pairing with SLSA (and SBOM)!
Canarytokens. org – Rapid, Free, Mass Detection
IntroductionWeb bugs, the transparent images that monitor email opening, are probably already familiar to you. They operate by inserting a special URL in the image tag of a page and keeping an eye on incoming GET requests. Imagine doing that instead for file reads, database searches, process executions, log file patterns, Bitcoin transactions, or even… Continue reading Canarytokens. org – Rapid, Free, Mass Detection
Serverless Top security best practices
Describe serverless.A cloud execution model is serverless computing. It enables users and developers to create and use applications and services without having to worry about servers. Applications are created more quickly, launched only when necessary, and infrastructure management is no longer necessary. Servers do still exist in serverless, but they are removed from the process… Continue reading Serverless Top security best practices
The Microsoft Threat Modeling Tool (TMT)
A crucial component of the Microsoft Security Development Lifecycle is the Threat Modeling Tool (SDL). Early detection and mitigation of potential security issues, when they are still manageable and affordable to fix, is made possible for software architects. It consequently significantly lowers the overall cost of development. Additionally, since we created the tool with non-security… Continue reading The Microsoft Threat Modeling Tool (TMT)
OWASP Threat Dragon : open-source threat modeling tool from OWASP
Threat modelling is regarded as a potent method for incorporating security into application design at an early stage of the secure development lifecycle. It is most effective when used for: ensuring depth in the defenceimplementing uniform security design patterns throughout an applicationreleasing user stories and security requirements quicklyFor teams using the STRIDE methodology, OWASP Threat… Continue reading OWASP Threat Dragon : open-source threat modeling tool from OWASP
Threat Modeling: Choosing the Right Method for Your Business
Why Threat Modeling Is Important and What It IsIdentifying and evaluating threats that an attacker (threat) could exploit is done through the exercise of threat modelling. Consider a threat model for your home to help you better understand threat modelling. Your home likely has assets, or things that an attacker would value, like cash, jewellery,… Continue reading Threat Modeling: Choosing the Right Method for Your Business
IriusRisk Threat Modeling for Security and Development Teams
Threat modelling: what is it?Basics of Threat Modeling Threat modeling’s fundamental tenet is the identification, disclosure, and management of security flaws. This is accomplished by being aware of the threats and attacks the system might face as well as the corresponding countermeasures (controls). Security by design vs. Fixing in production Threat modeling’s guiding principle is… Continue reading IriusRisk Threat Modeling for Security and Development Teams
Kenna: RISK-BASED VULNERABILITY MANAGEMENT
Why You Should Consider More Than CVSSAs previously mentioned, one typical method of sorting and prioritising which vulnerabilities to fix first is patching vulnerabilities that have a CVSS score in a specific range. However, using CVSS scores to rank vulnerabilities has some built-in issues. It’s a static scoring method, to start. Prior to any exploits… Continue reading Kenna: RISK-BASED VULNERABILITY MANAGEMENT
A Holistic Performance Management Framework for Implementing Cybersecurity Strategies by BCG & STC
The frequency and cost of cyberattacks is accelerating. Globally, the cost of cybercrime is estimated to have risen from $445B in 2015 to over $2.2 trillion today. The frequency and size of data breaches are growing exponentially across all industries (Exhibit 1). In 2021, leading organizations across almost every sector reported major attacks, including tech… Continue reading A Holistic Performance Management Framework for Implementing Cybersecurity Strategies by BCG & STC