4 min
Automation and Orchestration
How to Use OpenVAS to Audit the Security of Your Network (1/2)
Synopsis
The Open Vulnerability Assessment System [http://www.openvas.org/index.html]
(OpenVAS), is a Free/Libre [https://www.gnu.org/philosophy/free-sw.html]
software product that can be used to audit the security of an internal corporate
network and find vulnerabilities in a free and automated fashion. It is a
competitor to the well known Nessus vulnerability scanning tool. Analyzing the
results from tools like Nessus or OpenVAS is an excellent first step for an IT
security team working to c
4 min
Automation and Orchestration
What is Penetration Testing?
Synopsis
Penetration testing [https://www.rapid7.com/fundamentals/penetration-testing/]
or as most people in the IT security field call it, pen testing, is the testing
of software and hardware for vulnerabilities or weaknesses that an attacker
could exploit. In the IT world this usually applies, but is not limited to, PCs,
networks, and web applications. Also known as “red teaming
[https://www.rapid7.com/fundamentals/what-is-a-red-team/]” pen testing is done
by everyone from government agencies
3 min
Komand
How Security Orchestration and Automation Saves up to 83% of Time Spent Investigating Alerts
You have the tools to detect and notify your team about security threats. You’ve
hired the best security practitioners who know what an effective security
posture looks like. You’re all set to stop attackers from compromising your
systems.
Just one more thing: How can you maximize the value of these resources,
especially in the face of complex threats and a huge volume of alerts?
While processes can go a long way in harmonizing your tools and personnel to
accelerate tedious tasks such as alert
3 min
Automation and Orchestration
Cross Site Scripting (XSS) Attacks
Synopsis
Cross Site Scripting (XSS) Attacks
[https://www.rapid7.com/fundamentals/cross-site-scripting/] are the second
category of the three largest web attacks used today. Here, we’ll set up a node
server to demonstrate an XSS attack, see browser based XSS prevention, and
finally discuss what further exploits exist based on this attack.
Setup
Here’s our normal, tiny node server to demonstrate XSS.
Create the file server.js as follows:
var http = require('http');
var url = require('url');
7 min
Komand
Defender Spotlight: Mike Arpaia of Kolide
Welcome to Defender Spotlight! In this monthly blog series, we interview
cybersecurity defenders of all varieties about their experience working in
security operations. We’ll inquire about their favorite tools, and ask advice on
security topics, trends, and other know-how.
In this edition, we spoke with Mike Arpaia, the Co-Founder and CSO of Kolide
[https://kolide.co/].
Mike is the original creator of osquery [https://osquery.io/], which he created,
open-sourced, and widely deployed while work
6 min
Automation and Orchestration
SQL Injection Attacks
Synopsis
Let’s examine, understand, and learn how to prevent one of the most common
attacks [https://www.rapid7.com/fundamentals/types-of-attacks/] people use to
‘hack’ websites, SQL injection attacks
[https://www.rapid7.com/fundamentals/sql-injection-attacks/].
Setup
We’ll start by setting up an ultra-lightweight PHP page (server side) connected
to a MySQL database, simulating a web application.
We need mysql and php. On macOS:
$ brew install mysql && brew install php
On Linux:
Install m
4 min
Komand
The Komand Tech Stack: Why We Chose Our Technology
Choosing a technical stack that fits your organization's needs can be tough.
When choosing the technology to build your product, there are a few things to
consider:
* The experience of the team
* The impact on recruiting efforts (e.g., how easy will it be to find these
skills)
* The ability to execute fast and to maintain quality
We took all of these points into heavy consideration when choosing the Komand
tech stack. Below is a breakdown of what we chose, why we
9 min
Komand
Microservices – Please, don’t
This article originally appeared on Basho.
[http://basho.com/posts/technical/microservices-please-dont/] It is adapted from
a lightning talk Sean gave at the Boston Golang meetup in December of 2015.
For a while, it seemed like everyone was crazy for microservices. You couldn’t
open up your favorite news aggregator of choice without some company you had
never heard of touting how the move to microservices had saved their engineering
organization. You may have even worked for one of those compan
5 min
Automation and Orchestration
Malware Attack Vectors
Synopsis
You’re a malware writer. You’ve been tasked with infecting a remote computer,
one that you have never seen before, have no physical contact with, and don’t
have the IP address of. Maybe you have the email address of a user of that
computer, or just the name of the facility in which that computer is stored. How
do you proceed?
Hopefully I’m not describing you or someone you know, but sometimes it can be
helpful to consider the mindset of an adversary when devising defensive
measures. In
13 min
Automation and Orchestration
OSSEC Series: Configuration Pitfalls
Synopsis:
OSSEC is a popular host intrusion and log analysis system. It’s a great tool,
and when configured and customized properly it can be a very powerful and
holistic addition to your environment.
In this article I will list a number of problems I’ve encountered while using
OSSEC over the years. Many of these are the result of incomplete documentation.
The purpose of this article is to save you time if you’re having trouble getting
things working while doing similar tasks.
Pitfalls:
A gro
4 min
Automation and Orchestration
Secure Password Storage in Web Apps
Synopsis
We like writing web applications. Increasingly, software that might have once
run as a desktop application now runs on the web. So how do we properly
authenticate users in web contexts? Passwords, of course! Let’s look at how to
handle password authentication on the web.
What not to do
It’s very tempting to use plaintext authentication for web applications. Let’s
whip up a quick python web server that we’ll use to test authentication. Let’s
say we want to provide access to magic number
5 min
Komand
5 Reasons Companies Are Losing Security Talent (And What to Do)
It’s hard enough finding security talent, but losing the talent you already have
can be a particularly painful blow. That’s why we’ve put together a quick guide
to help you:
* Address some of the underlying causes of attrition
* Increase retention of your security talent
* Solve the security gap at your organization
Here are five common talent-retention challenges and how to address them
head-on.
Challenge #1: Constrained Budgets and Disproportionate Strategy
According to Kaspersky Labs, 8
5 min
Komand
Filtering and Automated Decisions with PEG.js and React-Mentions
Here at Komand, we needed an intuitive way to filter data from a trigger step.
When automating security operations and processes, sometimes you don’t want a
workflow to start on every trigger. Splunk logs may be firing off millions of
events, but running a workflow for each one may not really be what you need. If
we were to set up a privilege escalation rule in Sysdig Falco and index it in
Splunk, we would want to run a specific workflow for that rule, but a separate
workflow for detecting SQ
3 min
Komand
Defining the Roles & Responsibilities of Your Security Team
Muddling together security responsibilities often leads to tasks falling through
the cracks. Instead, organizations should be as clear as possible about which
member of the security staff is responsible for which tasks. Moreover, the
division of those tasks should reflect the unique capabilities and strengths of
each team member.
For instance, SOC personnel should be given tasks that require immediate
attention, such as alert handling and incident response. Security engineers, on
the other hand
3 min
Komand
Does Security Automation Mean SOC Employees Will Be Obsolete?
Telephones, computers, and robots all have one thing in common: People thought
they’d replace the need for human input, putting us all out of a job. On the
contrary, these technologies were widely embraced once the public realized what
their true purpose was: to automate tedious work and enable us to do things we
actually enjoy doing, and faster, too. The same benefits apply to security
operations, and this is a great thing for security operations centers (SOCs)
[https://www.rapid7.com/fundament