The Difference Between Auditing and Vulnerability Scanning

Technical Auditing and Vulnerability Scanning Why both look the same, yet have subtle differences When talking about auditing, I see that most technical people immediately think about vulnerability scanning. While they definitely have things in common, there are also a lot of minor differences. In this blog post I will show them, and also share how technical auditing and vulnerability scanning can work together. Similarities and Differences Let’s first determine what makes technical auditing and vulnerability scanning look similar. First […]

Read more

Secure Software Development: CII Best Practices

Best Practices from the Core Infrastructure Initiative Last month the Core Infrastructure Initiative, or CII, launched their CII best practices project. Its primary goal is to gamify the process of building more secure software. Let’s have a look at the project, and how it can help. Open Source and Security If we look in the open source world of software, we see that many projects were created by volunteers. While doing this voluntary, this doesn’t say anything about the quality of the […]

Read more

Audit Installed Compilers and Their Packages

Audit Installed Compilers and Their Packages Compilers can be the gateway for an attacker. By misusing a possible weakness in your system(s), a compiler is often used to build the related exploit code. One way to prevent this is to determine what compilers are installed, and remove or restrict them. Comparing Installed Packages and Compilers One way to audit the system is creating a list of common compilers and packages, then match these with the installed packages. Common compilers cc […]

Read more

Vulnerability Scanning: The Destiny to Disappointment?

The Need Of Vulnerability Management Our digital world is full of hardware and software components. The big difference between the two is the quality. When hardware ships with defects, people will return it and talk badly about it. For software it is fine if things are not perfect from the beginning. It can be improved upon in steps, until most of its users are happy with it. Developers of this software often are some level of pressure. We already know […]

Read more

How the web changes with HTTP/2: Performance and Security

Changes to the web: HTTP/2 Performance and Security On invitation by the Dutch consultancy firm Snow, I attended their Snow Unix Event (SUE). It was the third time in a row, with again an impressive lineup of speakers. As I worked previously for the company, I expected no less than that. The theme was about knowledge sharing. That sounds like an invitation to also share some of the biggest insights I learned. Let’s start with the HTTP/2 insights by Daniel […]

Read more
12330