There are many tools available for automated testing of web applications. One of the best known is probably sqlmap. Sqlmap allows you to identify and exploit SQL injection vulnerabilities with ease from the command line. However, controls such as CSRF tokens or simple anti-automation techniques such as including a unique hidden value within the form can prevent automated tools from working correctly. Macros in Burp Suite are a great way to bypass these measures in order to carry out automated testing, although they can be complicated to implement.
You’ve had an incident. You’ve managed the fall-out, contained the outbreak and restored normal service. Now is the time to sit down with your incident response teams, your operational teams and other stakeholders and work out how to prevent a recurrence.
During an incident wash-up meeting, you should go over all evidence gathered during the incident, details of actions taken and the reasons why decisions were made given the information available at the time.
Situational awareness throughout incident response activities is of paramount importance. As activities are conducted, new information is likely to emerge. New information may completely change the objectives of your exercise, and teams need to be in constant communication in order to coordinate activities.
Actions assigned to responders during an incident will be informed by the systems and data at risk, business continuity plans for these systems, and the objectives of the incident response exercise.
You have an incident. You know you need to handle it. You’re under pressure, and your team is stressed.
This is often the most dangerous point in an incident response operation. Stressed people under pressure to respond quickly tend to make one of two mistakes:
At some point, your business is likely to have to deal with an incident. When this happens, being able to accurately identify and classify the incident is key to responding effectively with the minimum impact to your BAU operations. Yesterday, we discussed how proper planning will help you get a robust incident response framework in place. Today, we are going to look at the sorts of questions you need to ask yourselves in order to be able to identify and classify an incident, and hence tailor your response.
It is widely acknowledged that these days, it is not a question of 'if', but 'when' an organisation will need to handle a security incident, and as every project manager knows, Proper Planning Prevents Poor Performance.
When you are reviewing your security controls, planning for a security incident in advance is incredibly important.
Ever wondered if you're prepared for a cyber security incident? This week, one of our Directors, Gemma Moore, is guiding you through incident preparation and handling.
With media coverage of security breaches becoming more commonplace, the business world is beginning to realise that it is less a matter of ‘if’ there is a breach and more a matter of ‘when’. Whilst there is often extensive coverage of the cost to the affected company of a data breach, rarely is the impact on the company’s value examined.
We looked at four recent data breaches and examined the impact on share prices for the companies involved, both short and medium term, to see if the value of the company is indeed affected.
Mark Crowther, Associate Director at Cyberis, looks at the latest breach at Yahoo and the serious questions it raises about the company's historical and ongoing security programme.
The latest reports say that Yahoo lost data for more than one billion users back in August 2013 and that the data is suspected to contain names, email addresses, hashed passwords, security questions and associated answers. In addition, Yahoo has stated that the attackers have accessed Yahoo proprietary code used to generate cookies for user access without credentials.
Behind every high-profile data-breach headline, there are hundreds of other similar stories of cyber attacks that cause major financial pain and reputational loss to their victims. The fact is that cyber crime is no longer a backroom activity but a growing business, driven by hacktivist groups, organised criminal gangs and state-sponsored cyber terrorists. And attacks are no longer directed only at government organisations, large financial institutions and corporations. Companies of all types and sizes are now facing increasing internal and external threats.