Expert(s):
CTO and co-founderfeature_status*/ ?>
K2 Cyber Security

Comments Dotted : 3
December 14, 2020

Security Expert Re: Critical Glassdoor Vulnerability Impacts Both Job Seekers And Employers
The discovery of a CSRF vulnerability in the Glassdoor site is a good reminder that CSRF remains a critical web application risk.
The discovery of a CSRF vulnerability in the Glassdoor site is a good reminder that CSRF remains a critical web application risk, and has appeared often on the OWASP Top 10 web application risks list. The fact that CSRF vulnerabilities continue to exist in web sites and applications like Glassdoor shows that not enough organizations test and protect their websites and applications against common web application vulnerabilities. NIST recently updated their SP800-53 Security and Privacy.....Read More
The discovery of a CSRF vulnerability in the Glassdoor site is a good reminder that CSRF remains a critical web application risk, and has appeared often on the OWASP Top 10 web application risks list. The fact that CSRF vulnerabilities continue to exist in web sites and applications like Glassdoor shows that not enough organizations test and protect their websites and applications against common web application vulnerabilities. NIST recently updated their SP800-53 Security and Privacy Framework to add focus on these issues by including RASP (Runtime Application Self-Protection) and IAST (Interactive Application Security Testing). These types of security solutions more effectively target the risks outlined by the current and past OWASP Top 10 lists.  Read Less
October 21, 2020

NSA Warns Chinese State-sponsored Actors Are Exploiting Known Vulns – Security Expert Perspective
RASP solutions also protect the organization against new and unpatched vulnerabilities.
The new list of top 25 vulnerabilities being exploited by Chinese hacking is a great reminder that the easiest protection against cyber attacks is keeping your operating systems, applications, devices, and software patched and up to date. For organizations that can’t keep up to date or don’t have the resources to keep their software up to date, they should look into virtual patching solutions that protect the application, like the ones offered by RASP (Runtime Application Self-Protection).....Read More
The new list of top 25 vulnerabilities being exploited by Chinese hacking is a great reminder that the easiest protection against cyber attacks is keeping your operating systems, applications, devices, and software patched and up to date. For organizations that can’t keep up to date or don’t have the resources to keep their software up to date, they should look into virtual patching solutions that protect the application, like the ones offered by RASP (Runtime Application Self-Protection) solutions, which are now mandated by the latest version of the NIST SP800-53 Revision 5 Security and Privacy Framework. RASP solutions also protect the organization against new and unpatched vulnerabilities.  Read Less
May 19, 2020

Industry Experts On Verizon DBiR 2020
Companies need to protect web applications that continue to have vulnerabilities that can be exploited.
The 2020 Verizon Breach Incident Report has a lot of good information, and reminds us that checking for malware on systems isn’t enough, as attacks via malware have decreased to only 6.5% of attacks and incidents (down from the peak near 50% in 2016). It’s a good reminder that organizations need to have security in place for phishing, preventing credential theft, and to protect web applications that continue to have vulnerabilities that can be exploited. The other big takeaway for.....Read More
The 2020 Verizon Breach Incident Report has a lot of good information, and reminds us that checking for malware on systems isn’t enough, as attacks via malware have decreased to only 6.5% of attacks and incidents (down from the peak near 50% in 2016). It’s a good reminder that organizations need to have security in place for phishing, preventing credential theft, and to protect web applications that continue to have vulnerabilities that can be exploited. The other big takeaway for organizations is that misconfiguration errors were a big gainer this year (called the best supporting action in the report). We often see at customer sites, where they patched a known vulnerability incorrectly or left it unpatched, leaving them vulnerable, and standard tools like WAF and EDR didn’t detect attacks on that vulnerability.  Read Less