Everything You Need to Know About ARP Spoofing

ARP spoofing, also known as ARP poisoning, is a type of man-in-the-middle attack where an attacker sits between a targeted victim and the router to listen in on their online traffic. This is a form of cyber attack carried out over a local area network (LAN) that involves sending malicious ARP packets to a default gateway on a LAN in order to change the pairings in its IP to media access control (MAC) address table. Address resolution protocol (ARP) translates IP addresses into MAC addresses. Confused yet? You won't be for long since, by the end of this post, you'll not only understand ARP spoofing, but be able to demonstrate it. And as a result, you'll even learn how to protect yourself against these attacks.

BLOG Dec 17

Vulnerability Management: Is Declining Mental Health Cybersecurity's Greatest Threat?

The pandemic and work-from-home shift have had a huge effect on the mental health of those in every industry, but the issue is exacerbated amongst development teams since they have historically always been ‘behind the scenes.’ The element of face-to-face interaction has been blurred or lost completely, furthering feelings of isolation among those already in ‘head-down’ roles. And the absolute last thing that anyone in any role or industry wants to feel like is just another cog in the machine.

BLOG Nov 17

5 Considerations To Improve Your Cyber Security Risk Management

Every Chief Information Security Officer (CISO) as well as IT security professional understands that job one is cyber security risk mitigation. No one individual or even entire pool of company resources can ever guarantee complete protection from cyber-attacks, so the best you can strive for is an idealized version of risk mitigation. But that requires starting with an understanding of the current and ever-changing risks matched to the current and ever-improving security best practices for secure software development life cycles.

BLOG Feb 22

How To Build A Security Mindset With DevSec Training

Another 2021 New Year’s Resolution should be to take a hard look at your current software engineer training regime. Do you even have one formalized? Do you ensure your developers refresh their skills yearly and update to current best practices? Do you know what it will cost your organization if something is miscoded or a potential security hole gets coded in?

BLOG Jan 25

Demystifying DevSecOps eBook

We recently completed a survey that revealed only 35% of respondents classify security awareness training as a ‘top priority’ while working remotely, and nearly half say that their DevOps teams are not experts in understanding how to protect at-home wireless networks.

BLOG Nov 23

5 Steps To Expose Vulnerabilities With An Application Security Assessment

There is a constant battle between cybercriminals and IT security staff, especially when it comes to code developed in-house. The belief that a single missed punctuation or use of a specific (thought to be) trusted open-sourced library or code fragment could potentially open up new security leaks or vulnerabilities is a daily reality, as seen with the volume of news touting new breaches. Standard quality practices should also include ongoing security assessments in order to get ahead of this curve.

BLOG Sep 07

Continuous Security Assessments Come Of Age

IT Security professionals know that there are always multiple ways to solve a given security challenge. Specific methodologies provide a level of confidence for specific circumstances, so it is no surprise that something as important as security assessments also has multiple approaches.

BLOG Aug 24