The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, RetailFinancial Services, Healthcare, Higher Education, Payments, Government.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts.

  • Waking up to the new realities of privacy risk and the need for focused expertise

    David Forman, VP, Privacy and International Assurance, Coalfire

    Last month, Coalfire announced that our certification body was awarded yet another of many “firsts.” In this scenario, Coalfire was the first to expand its registration to a second accreditation body as part of its certification services related to ISO 27701, a framework that governs the activities of privacy information management.

    Read more

  • Getting started with ZAP and the OWASP top 10: common questions

    Dan Cornell, Coalfire

    I recently received an email from a developer who was gearing up to use OWASP ZAP to test the security of their code. The developer had some questions about OWASP ZAP, testing for the OWASP Top 10 2013, and ZAP configuration. After I answered the email, I asked if I could repost it here because I thought it might be a useful resource for other developers getting started using ZAP – so here we go... Read more

  • Android: DNS setup for developing and testing against local web services

    Dan Cornell, Coalfire

    Most “interesting” smartphone applications do not run only on the smartphone device; they rely on supporting web services that can be run both by the deploying organization and 3rd parties. One of the challenges we have run into when developing Android application is setting up a suitable development environment because of issues resolving DNS entries for test versions of services. Read more

  • Command injection in java: 80% proven that it is 100% impossible (sometimes)

    Dan Cornell, Coalfire

    I was reading Alex Smolen’s blog the other day and ran across the post “Command Injection Impossible in Java and .NET?”  Interesting stuff!  In an effort to avoid doing work I should actually be doing, I decided to look into it a bit more. Read more

  • Properties of secure hash functions

    Thought Leadership Team, Coalfire

    The news of NIST and their SHA-3 algorithm competition and a recent lunch and learn at Denim Group reminded me of the Cryptographic lectures I gave at UTSA. One of the hardest concepts my students had grasping was secure cryptographic hash functions, partially because of the number theory, but also in differentiating between the three properties of a secure hash function: collision resistance, preimage resistance, and second preimage resistance. Read more
    • Displaying results 21-25 (of 163)
     |<  <  1 - 2 - 3 - 4 - 5 - 6 - 7 - 8 - 9 - 10  >  >| 

Recent Posts

Post Topics

Archives

Show more

RSS Feed

The Coalfire Blog Subscribe to Feed

Tags

Accounting ASV AWS Azure careers CCPA CISO cloud CMMC CoalfireOne Covid-19 CPRA Culture cybersecurity DevSecOps DoD DSS ePHI federal FedRAMP GDPR Healthcare HIPAA HITRUST HITRUST CSF Incident Response IoT ISO IT JSON Kubernetes Vulnerability labs NIST P2PE PA DSS PA-DSS Payments PCI PCI DSS Penetration Testing PHI PowerShell Privacy Ransomware RISE Risk RSA 2019 Scanning Scans security SOC SOC 2 Splunk Spraying Attack Testing Vulnerability management
Close
Top