⚖️ Features Vs. #Vulnerability #patching who wins in your organization?

With product teams always wanting to release new features for their customers, security teams are worried about patching vulnerabilities on time.

As growth is a priority for any business, patching vulnerabilities often take a back seat, and it's always a trade-off to the features.

And it's the hackers who benefit from this - they get around 200+ days to target a vulnerability. 🐱‍💻

The solution?

Patch your vulnerabilities and release new features both at the same time!

We tell you how to patch your vulnerabilities within 24 hours in our upcoming free webinar - 16th March, 2:30 PM to 3:15 PM (IST)

This is your last chance to register for the webinar: bit.ly/3kww6GT

#virtualpatching #zerodayvulnerability #vulnerabilityassessment #pentesting #hacking #zerodayexploits #securitywebinar #zeroday #vulnerabilitymanagement #vulnerabilities #webinar #thoughtleadership #apptrana #indusface

What is ethical hacking, and how does it work? - Ethical hacking is the practice of identifying and testing vulner... - https://cointelegraph.com/news/what-is-ethical-hacking-and-how-does-it-work #vulnerabilityassessment #informationsecurity #penetrationtesting #ethicalhacking #cybersecurity

From Cointelegraph.com: What is ethical hacking, and how does it work? https://cointelegraph.com/news/what-is-ethical-hacking-and-how-does-it-work #Vulnerabilityassessment #Informationsecurity #Penetrationtesting #Ethicalhacking #Cybersecurity

👉 With the agile development process, tens of vulnerabilities get introduced into code in every sprint.

The average time vulnerabilities remain open is 180+ days from the time its discovered.

When it comes to business growth vs. security, business always wins, which means vulnerabilities are not patched on time allowing hackers to exploit them.

However, most of these can be patched using Virtual patching—in 24 hours and with ZERO impact on business continuity.

In the upcoming webinar, join Vivekanand Gopalan, VP of Product Management at Indusface, as he discusses:

- Vulnerability assessments and penetration testing best practices
- Fundamentals of virtual patching
- An example of a zero-day vulnerability that has been virtually patched

This is your last chance to book your seat. Register now! bit.ly/3kww6GT

#virtualpatching #zerodayvulnerability #vulnerabilityassessment #pentesting #hacking #zerodayexploits #securitywebinar #zeroday #vulnerabilitymanagement #vulnerabilities #webinar #thoughtleadership #apptrana #indusface

800 Million attacks were blocked despite having thousands of vulnerabilities open for >180 days!!​

The secret?​

All these applications leverage “virtual patching” to block complex attacks right at the WAF.

Understand more about what Virtual Patching is in our recent upcoming Webinar on 16th March - 2:30 PM to 3:15 PM (IST)

Book your seat now! bit.ly/3kww6GT

#virtualpatching #zerodayvulnerability #vulnerabilityassessment #pentesting #hacking #zerodayexploits #securitywebinar #zeroday #vulnerabilitymanagement #vulnerabilities #itwebinar #apptrana #indusface

👉 The average time a vulnerability remains open is 180+ days!

When it comes to business growth vs. security, business always wins.
And this significantly affects security, as hackers find more time to exploit the vulnerabilities.

However, most of these vulnerabilities can be patched using Virtual Patching— within 24 hours with ZERO impact on business continuity.

In the upcoming webinar, join Vivek Gopalan, VP of Product Management at Indusface, as he discusses:

- Vulnerability assessments and penetration testing best practices
- Fundamentals of Virtual Patching
- An example of a zero-day vulnerability that has been patched virtually

Register for the webinar now! http://bit.ly/3kww6GT

#virtualpatching #zerodayvulnerability #vulnerabilityassessment #pentesting #hacking #zerodayexploits #securitywebinar #zeroday #vulnerabilitymanagement #vulnerabilities #itwebinar #apptrana #indusface

#Runecast Integrates #OpenAI to Enhance #Compliance and #VulnerabilityAssessment | via CIOdive

#CISO #CISOtips #Security #CNAPP

https://www.ciodive.com/press-release/20230131-runecast-integrates-openai-to-enhance-compliance-and-vulnerability-assessme/

The NIST Vulnerability Database reports about 40% fewer vulnerabilities for 2022 compared to 2021, but MITRE's CVE Details recorded 25% more. 🤔

Which of these sources for CVE information do you use in your work?
>> NIST's National Vulns Database
>> MITRE's CVE Details
>> Something else (sharing it ⬇️)

#ethicalhacking #vulnerabilityassessment #penetrationtesting

Sources:
NIST NVD: https://nvd.nist.gov/general/visualizations/vulnerability-visualizations/cvss-severity-distribution-over-time
MITRE CVE Details: https://www.cvedetails.com/browse-by-date.php

OWASP Amass version 3.21.1 has been released with updates to DNS resolution that have resulted in increased reliability and reduced resource consumption

#security #networksecurity #infosec #osint #dns #recon #attacksurface #assetdiscovery #bugbounty #redteam #pentesting #vulnerabilityassessment #vulnerabilityassessmenttools #vulnerabilitymanagement #threatintel #situationalawareness #visability #opensource #opensourcesoftware #opensourceintelligence

https://github.com/OWASP/Amass/releases/tag/v3.21.1

Support OWASP & ZAP!!!
https://giving.owasp.org/kingthorin_rm

We're still getting the content setup. But we can use any and all help!!!!! So I'm jumping in with both feet, 5 days to go on #GivingTuesday #OWASP #OpenSource #PenTest #RedTeam #PurpleTeam #BlueTeam #WebAppSec #AppSec #VulnerabilityAssessment

I decided I need to re-do my #introduction post. Why? I didn't know that full-text search wasn't really a thing on Mastodon (well, particularly cross-instance), so I need to hashtag it. If you've read it before, feel free to move on, or read again. Anything goes!

I’ve seen a few others do introductory posts so I figured why not for me too. It’s unlikely I was known on #infosec Twitter because I didn’t post much on Twitter. I hope to change that here.

I’ve worked in #SystemAdministration, #VulnerabilityManagement, #NetworkSecurity, and/or #SystemofSystems #Security for around 8 years. My experience has been solely within the world of #DOD, first as a civilian and then as a contractor. I’m currently a Senior SA/Deupty PM for Broadleaf-inc, a government contractor.

Along with that, I’ve been teaching infosec for around two years for a university. I developed many courses, Network Security, OS Security, #VulnerabilityAssessment and #PenetrationTesting, #OSINT, IDS & IPS, #CyberthreatIntelligence, as well as an Introduction to IT and a CCNA course. I’ll be developing an Advanced Penetration Testing and a Digital Forensics course this upcoming year.

I am an advocate for helping those with no existing experience and fresh graduates find positions in #Cybersecurity, truly entry level positions. I help run a discord that focuses on that, #SecurityNewbs, as well working on free university-style courses that people can take to learn these skills. Those aren’t ready yet, but my first free course will be Introduction to Cybersecurity.

On my off-time, I'm a huge #gamer. You'll generally find me on the Xbox Series X, although once in a while I'll be on PS5. I generally play #destiny2, probably a little too much. I have 4 kids, 5 cats, and 2 dogs. It can be a hectic house.

That’s me. Fin.

Neopets Is Still A Thing And Its Exposing Sensitive Data - Neopets, the virtual pets website has exposed a wide range of sensitive data online including info... https://feeds.feedblitz.com/~/640789048/0/thesecurityledger~Neopets-Is-Still-A-Thing-And-Its-Exposing-Sensitive-Data/ #vulnerabilityassessment #applicationsecurity #webapplications #vulnerability #dataprivacy #topstories

Cynet Offers Free Threat Assessment for Mid-sized and Large Organizations https://thehackernews.com/2020/02/cybersecurity-threat-assessment.html #vulnerabilityassessment #PenetrationTesting #cybersecuritytool #ThreatAssessment #cybersecurity #Cynet

The Rise of the Open Bug Bounty Project https://thehackernews.com/2020/02/open-bug-bounty-project.html #vulnerabilityassessment #vulnerabilitydisclosure #vulnerabilityreporting #VulnerabilityDatabase #BugBountyProgram #cybersecurity #Vulnerability #bugbounty

Evaluating Your Security Controls? Be Sure to Ask the Right Questions https://thehackernews.com/2020/01/cybersecurity-controls-framework.html #automatedpenetrationtesting #Penetrationtestingtools #vulnerabilityassessment #cybersecuritytools #PenetrationTesting #cybersecurity

Broadening the Scope: A Comprehensive View of Pen Testing https://thehackernews.com/2020/01/broadening-scope-comprehensive-view-of11.html #networkvulnerabilityassessment #Penetrationtestingtools #vulnerabilityassessment #enterprisesecurity #PenetrationTesting #ThreatAssessment #cybersecurity

The Ultimate 2019 Security Team Assessment Template https://thehackernews.com/2019/11/security-team-assessment.html #vulnerabilityassessment #ThreatAssessment #cybersecurity #SecurityTeam #PPTTemplate