Blog

Vulnerability Scoring 102
Blog

Vulnerability Scoring 102

By Tyler Reguly on Wed, 01/14/2015
In my last post, I talked about the basics of vulnerability scoring in vulnerability management and the disparity that can exist when you score the subjective elements of a vulnerability. We looked at the variance that can exist within CVSSv2 and how a properly developed score can show a clear difference between two unique issues. This time, I want...
Top Influencers in Security You Should Be Following in 2015
Blog

Top Influencers in Security You Should Be Following in 2015

By David Bisson on Thu, 01/08/2015
In December of 2011, Tripwire published a list of security’s top 25 influencers. More than three years later, we are pleased to announce a new list for 2015 -- The Infosec Avengers! For each influencer whom we have selected, we include their Twitter handle, blog URL and reasoning for selecting them. We also include their answer for what infosec...
Six Strategies for Reducing Vulnerability Risk
Blog

Six Strategies for Reducing Vulnerability Risk

By Former Tripwire Employee on Tue, 01/06/2015
There's little doubt that effectively remediating vulnerabilities is an important part of a comprehensive information security strategy. Vulnerabilities in desktops, servers, laptops and infrastructure are commonly involved in intrusions and incidents. For example, the Chthonic malware designed to steal banking details, exploits a known Microsoft...
Mobile Payment Security Faces an Uphill Battle in 2015
Blog

Mobile Payment Security Faces an Uphill Battle in 2015

By David Bisson on Mon, 01/05/2015
Only one percent of consumers believe using a third-party mobile payment provider, such as Apple Pay or Google Wallet, is a safe way to pay for in-store purchases, reveals Tripwire, Inc. This past holiday season, One Poll and Dimensional Research conducted a consumer survey of over 2,011 consumers in the United States and UK. The survey’s findings...
Blog

Vulnerability Management: Just Turn It Off! Part III

Mon, 08/18/2014
Four unnecessary risks that often appear in even the most secure networks, and step-by-step instructions on how to immediately address these considerable risks that can be hurting the security of our environment.
Vulnerability & Risk Management
Blog

Vulnerability Management: Just Turn It Off! Part II

Wed, 08/06/2014
Our last post in the “Turn It Off!” blog series discussed some of the most common and yet unnecessary features that can make your environment more vulnerable, including JBoss JMX consoles, server banners and the Apache HTExploit. These risks are often encountered by our Vulnerability and Exposure Research Team (VERT), even on well-defended networks and many of which have been around for quite...
Vulnerability & Risk Management
Blog

Friends Don’t Let Friends Mix XSS and CSRF

By Craig Young on Sun, 02/16/2014
In preparation for my upcoming talk at BSides SF about finding vulnerabilities, I would like to share today some insights regarding two common types of vulnerabilities which leverage web browser in two unique ways. The goal of these vulnerabilities is quite different however. One is used to run untrusted code while the other is used to hijack authentication. The combined effect of these issues...
Vulnerability & Risk Management
Blog

Penetration Testing with Smartphones Part 1

Fri, 11/30/2012
When most people think of penetration testing, they think of a simulated external attack where the tester tries to break into a network remotely. Companies focus most of the security spending and policies on keeping hackers out remotely, from firewalls and other security hardening appliances, software and tools. However, given the proliferation of mobile devices in the workplace and use of Wi-Fi...
Vulnerability & Risk Management