vulnerability assessment

You Must Be This Tall . . .

Imagine going in to do an incident response at a fairly large customer that has no visibility within their firewalls, no intrusion detection, no sense of inventory, because they had no ability to run even the most basic of vulnerability scans across their network. If I just described something that sounds a little scarily like …

You Must Be This Tall . . .Read More »

Practical Pentest Advice from PCI

The PCI Security Standards Council released a Penetration Testing Guidance information supplement in March 2015.  This document, while geared towards the Payment Card Industry, provides a lot of valuable advice to the providers of penetration tests and their clients, regardless of industry.  At 40 pages in length the document might seem a bit heavy, so …

Practical Pentest Advice from PCIRead More »

SQLite: the good, the bad, the embedded database

SQLite is an embedded, open-source, lightweight SQL database engine. The C based library is transactional, self-contained, and highly compact. It’s also fairly easy to implement. It doesn’t require any sort of installation or configuration, and all data is stored locally. This is very differently from a standard Oracle or MySQL database, so don’t make the …

SQLite: the good, the bad, the embedded databaseRead More »

Scroll to Top