The Cloud is Beige - The demise of black box testing
April, 2020, Mike Weber, Vice President, Coalfire Labs
Black-box penetration testing is dead. I’d question why it is even a consideration. It’s of limited and dubious value in almost any context. Wait, wait… I didn’t mean that. Put down the pitchforks and torches, development and QA teams, I’m only talking about black-box penetration testing. Yes, traditional software functional or regression testing in a black-box manner does have a purpose. Validating the functional requirements of the code has a place, and it’s valuable. Non-functional black-box testing has a place as well, when evaluating the sturdiness of an application such as load testing and the like. Settle down.
Sleuthing the Cloud: The Challenges of Forensics in Cloud Environments
April, 2018, Robert Meekins, Director, Forensics, Coalfire
More and more companies are embracing Cloud computing for the practicality, efficiency, and economy of outsourcing the housing, maintenance, and monitoring of applications and their associated infrastructure to a third-party provider. As the Cloud becomes more the norm than the exception, there is no lack of choices: Providers such as Amazon (AWS), Microsoft, IBM, and countless others are providing a variety of solutions, from e-commerce sites that process payments and credit cards, to developmental networks used to test and configure operational assets.
Truth is SCARIER than Fiction Redux
October, 2014, Mike Weber, Vice President, Coalfire Labs
Yes... To be honest, although we really do some neat stuff here at Coalfire Labs that can be pretty scary, I’ve got to give a shout out to “reality” for being even scarier than any emulated attack we could possibly develop. The astounding number of data breaches announced this year is just shocking, really. It really felt like there was a new one every month. As it turns out, there was! Even more than that on average, as we’ve had at least 14 of them over a 10 month span.