The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, Retail, Financial Services, Healthcare, Higher Education, Payments, Government.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts.

Success stories in cybersecurity and information technology

Ian Walters, Principal, Thought Leader, Coalfire

RISE is Coalfire’s initiative to Recruit, Influence, Support, and Educate women in cybersecurity. I am honored to have been invited to be an active member of the RISE steering committee and help contribute to this worthy cause.
Read more
AppSec concerns: UUID generation

Thought Leadership Team, Coalfire
During static analysis, one of the things the application security team checks for is strong random number generation for security sensitive contexts. We see weaknesses in this space quite often for temporary passwords and session identifiers, but an increasingly common variant is for universally unique identifiers (UUIDs). Read more
Asymmetric-key algorithms and symmetric-key algorithms

Thought Leadership Team, Coalfire
The symmetry of the algorithm comes from the fact that both parties involved share the same key for both encryption and decryption. It works similar to a physical door where everyone uses a copy of the same key to both lock and unlock the door. A symmetric-key algorithm, just like real doors, requires the distribution and security of shared keys. Read more
Automated application scanning: handling complicated logins with AppScan (only!)

Dan Cornell, Coalfire
Ory Segal (@orysegal) from IBM Rational reached out with a simpler method to handle this natively in AppScan. It involves configuring AppScan to add a custom parameter to each request. For the sample case in the authexamples GitHub repository it would be handled like this. Read more
New cybersecurity legislation to amend the Health Information Technology for Economic and Clinical Health (HITECH) Act – an analysis of H.R. 7898

Rich Curtiss, Director, Healthcare Cyber Risk Services, Coalfire

New legislation was passed by Congress and signed by the president on January 5, 2021 that amends the HITECH Act with an additional section titled: SEC. 13412. RECOGNITION OF SECURITY PRACTICES.¹
Read more

Displaying results 26-30 (of 163)

|< < 2 - 3 - 4 - 5 - 6 - 7 - 8 - 9 - 10 - 11 > >|

The Coalfire Blog

Recent Posts

Post Topics

Archives

RSS Feed

RSS Feed

Tags