The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, RetailFinancial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.


  • The Threats That Are Your Weakest Link

    June 25, 2018, Mike Weber, Vice President, Coalfire Labs

    Coalfire published the latest report in its Securealities series, The Penetration Risk Report, and it’s based on findings from Coalfire penetration tests. It includes data drawn from engagements with businesses of all sizes, spanning financial services, retail, healthcare, and technology/cloud service providers. Some findings were contrary to current accepted wisdom on cybersecurity while other findings confirmed long held notions for others.

    Read more
  • IoT Discussion at the Leidos Supplier Innovation & Technology Symposium

    June 12, 2018, Abel Sussman, Senior Project Manager, Commercial Services, Coalfire

    Coalfire was asked to participate on a technical panel about the Internet of Things (IoT) at the Leidos Supplier Innovation & Technology Symposium on June 6. This event is a dynamic day enabling Leidos’ largest suppliers as well as targeted start-ups to showcase their offerings and capabilities to a diverse set of federal leaders and key contractors.

    Read more
  • How I Found CVE-2018-8819: Out-of-Band (OOB) XXE in WebCTRL

    June 11, 2018, Darrell Damstedt, Senior Consultant, Coalfire Labs, Coalfire

    I like to do bug bounties from time  to time, mostly when I am sacrificing sleep once the kids are finally out cold.  This seemed like a worthy experience to document. Let me just start by saying I  don't plan on going into the whole recon bits too deeply here. Maybe I will someday if I ever have enough time to give the topic the justice it deserves. 

    Read more
  • Pro Tips: Testing Applications Using Burp, and More

    June 08, 2018, Esteban Rodriguez, Consultant, Coalfire Labs, Coalfire

    Burp Suite is one of my favorite tools for web application testing. The feature set is rich, and anything that it does not do by default can usually be added with an extension. There are a few things, however, that while they exist in Burp Suite, are not completely intuitive. Below are a few pro tips to help you get the most out of your web application tests.

    Read more
  • A Cyber Engineering Primer: Vulnerability Management Lifecycle

    June 07, 2018, Ben Scudera, Cyber Engineering Consultant, Coalfire

    According to the SANS Institute, “Vulnerability management is the process in which vulnerabilities in IT are identified and the risks of these vulnerabilities are evaluated. This evaluation leads to correcting the vulnerabilities and removing the risk or a formal risk acceptance by the management of an organization.”

    Read more
  • Displaying results 31-35 (of 325)
     |<  <  3 - 4 - 5 - 6 - 7 - 8 - 9 - 10 - 11 - 12  >  >| 

Recent Posts

Post Topics

Archives

Tags

2.0 3.0 access Agency AICPA Assessment assessments audit AWS AWS Certified Cloud Practitioner AWS Certs AWS Summit bitcoin Black Hat Black Hat 2017 blockchain Blueborne Breach BSides BSidesLV Burp BYOD California Consumer Privacy Act Chertoff cloud CoalfireOne Compliance credit cards C-Store Cyber cyber attacks Cyber Engineering cyber incident Cyber Risk cyber threats cyberchrime cyberinsurance cybersecurity danger Dangers Data DDoS DevOps DFARS DFARS 7012 diacap diarmf Digital Forensics DoD DRG DSS e-banking Ed Education encryption engineering ePHI Equifax Europe EU-US Privacy Shield federal FedRAMP financial services FISMA Foglight forensics Gartner Report GDPR Google Cloud NEXT '18 government GRC hack hacker hacking Halloween Health Healthcare heartbleed Higher Higher Education HIMSS HIPAA HITECH HITRUST HITRUST CSF Horror interview IoT ISO IT JAB JSON keylogging Kubernetes Vulnerability labs LAN law firms leadership legal legislation merchant mobile NESA News NH-ISAC NIST NIST 800-171 NIST SP 800-171 NotPetya NRF NYCCR O365 OCR of P2PE PA-DSS password passwords Payments PCI PCI DSS penetration Penetration Testing pentesting Petya/NotPetya PHI Phishing Phising policy POODLE PowerShell Presidential Executive Order Privacy program Ransomware Retail Risk RSA Safe Harbor scary security security. SOC SOC 2 social social engineering Spectre Splunk Spooky SSAE State Stories Story test Testing theft Virtualization Visa vulnerability Vulnerability management web Wifi wireless women XSS