InfoSec Institute Resources

IT Security Training & Resources by InfoSec Institute

2017 OWASP A4 Update: XML External Entities (XXE)

4 April, 2018 - 22:30

Extensible Markup Language External Entities (XXE) is currently ranked fourth on OWASP’s 2017 Top Ten list of application security risks. Extensible Markup Language (XML) is a widely used data format. It can be found in HTML, Windows document files (.docx), SVG (scalable vector graphics), and EXIF image files, or in various types of web services including: […]

The post 2017 OWASP A4 Update: XML External Entities (XXE) appeared first on InfoSec Resources.

2017 OWASP A4 Update: XML External Entities (XXE) was first posted on April 4, 2018 at 3:30 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Category: Hacking & Security

2017 OWASP A1 Update: Injection

4 April, 2018 - 00:54

Injection is a type of security flaw that has topped the OWASP Top Ten since around 2010. This means it is not a new vulnerability, and despite information on how to prevent it, it continues to be a problem. Any application that allows user input is potentially vulnerable to injection. There are ways to prevent […]

The post 2017 OWASP A1 Update: Injection appeared first on InfoSec Resources.

2017 OWASP A1 Update: Injection was first posted on April 3, 2018 at 5:54 pm.
Category: Hacking & Security

How to Prevent Business Email Compromise With Multi-Factor Authentication

3 April, 2018 - 00:30

Business email compromise (BEC) scams cost businesses $5.3 billion from 2013 to 2016. BEC fraud is a problem for companies of all sizes and all sectors. In fact, in Q4 of 2017, almost 89% of companies had experienced at least one email fraud attack. A BEC scam starts with an email and ends with a […]

The post How to Prevent Business Email Compromise With Multi-Factor Authentication appeared first on InfoSec Resources.

How to Prevent Business Email Compromise With Multi-Factor Authentication was first posted on April 2, 2018 at 5:30 pm.
Category: Hacking & Security

DDoS protection: Cloud Overflow

2 April, 2018 - 19:31

Distributed Denial of Service Attacks: Every organization operating online services facing the public internet will at some point in time need to deal with a Distributed Denial of Service (DDoS) attack. This is usually a targeted attack where, as part of a ransom demand or an activism campaign, a significant amount of traffic is directed […]

The post DDoS protection: Cloud Overflow appeared first on InfoSec Resources.

DDoS protection: Cloud Overflow was first posted on April 2, 2018 at 12:31 pm.
Category: Hacking & Security

Using Security Awareness Training to Prevent Business Email Compromise (BEC)

2 April, 2018 - 15:27

Business email compromise (BEC) is an example of where the line between cybercrime and cybersecurity blurs. These scams involve a company and sometimes an individual being targeted by a cybercriminal with the objective of scamming money. BEC scammers go about this by using the kinds of things that make a human tick — trust, deception […]

The post Using Security Awareness Training to Prevent Business Email Compromise (BEC) appeared first on InfoSec Resources.

Using Security Awareness Training to Prevent Business Email Compromise (BEC) was first posted on April 2, 2018 at 8:27 am.
Category: Hacking & Security

What is Business Email Compromise (BEC)?

2 April, 2018 - 15:11

Social media platforms may be a popular communication mode, but email remains the preferred business communication tool. The Radicati Group expects this love affair with email to grow to 319.6 billion emails sent and received — per day — by 2021. It’s no wonder the beady eyes of the cybercriminal are focused on ways to […]

The post What is Business Email Compromise (BEC)? appeared first on InfoSec Resources.

What is Business Email Compromise (BEC)? was first posted on April 2, 2018 at 8:11 am.
Category: Hacking & Security

OWASP Top 10 Application Security Risks: 2013 vs 2017

2 April, 2018 - 14:00

The Open Web Application Security Project (OWASP) is a global, nonprofit organization aiming to improve the security of applications and raise awareness of secure coding practices. They create new tools for both individuals and organizations, and build practical, knowledge-based documentation for the security community. The OWASP Top 10 is a list of common and critical […]

The post OWASP Top 10 Application Security Risks: 2013 vs 2017 appeared first on InfoSec Resources.

OWASP Top 10 Application Security Risks: 2013 vs 2017 was first posted on April 2, 2018 at 7:00 am.
Category: Hacking & Security

Win up to $1,000 in our Mobile CTF! (April Only!)

1 April, 2018 - 20:41



The post Win up to $1,000 in our Mobile CTF! (April Only!) appeared first on InfoSec Resources.

Win up to $1,000 in our Mobile CTF! (April Only!) was first posted on April 1, 2018 at 1:41 pm.
Category: Hacking & Security

FREE Swag when you Train with us!

1 April, 2018 - 19:47



The post FREE Swag when you Train with us! appeared first on InfoSec Resources.

FREE Swag when you Train with us! was first posted on April 1, 2018 at 12:47 pm.
Category: Hacking & Security

Common CGEIT Job Titles and Salaries

30 March, 2018 - 23:37

Introduction: Our last two articles examined the CGEIT cert in more detail. The first one provided an overview of the particulars of the actual exam, and the second one addressed the top 15 FAQs associated with it. In this article, we continue with the theme of the CGEIT, focusing upon the various job titles that […]

The post Common CGEIT Job Titles and Salaries appeared first on InfoSec Resources.

Common CGEIT Job Titles and Salaries was first posted on March 30, 2018 at 4:37 pm.
Category: Hacking & Security

CGEIT Frequently Asked Questions (FAQ)

30 March, 2018 - 22:46

Introduction: Our last article provided an overview of what the CGEIT is all about. Essentially, it is a cert that specializes in IT governance. As described, it is a very specialized kind of cert, and there is only a small percentage of IT professionals worldwide that actually possess it. It is geared primarily towards the […]

The post CGEIT Frequently Asked Questions (FAQ) appeared first on InfoSec Resources.

CGEIT Frequently Asked Questions (FAQ) was first posted on March 30, 2018 at 3:46 pm.
Category: Hacking & Security

CGEIT Exam Details And Process

30 March, 2018 - 22:32

Introduction: Navigating the ISACA website can prove challenging when trying to retrieve desired information about taking the CGEIT exam, and few other resources provide hopefuls the insight they need to decide if the CGEIT is something worth pursuing, and when. There are several frequently asked questions that come up amongst individuals wishing to learn […]

The post CGEIT Exam Details And Process appeared first on InfoSec Resources.

CGEIT Exam Details And Process was first posted on March 30, 2018 at 3:32 pm.
Category: Hacking & Security

How To Become CGEIT Certified – Certification Requirements

30 March, 2018 - 22:22

Professionals in Governance, Risk Management, and Compliance careers that are looking to extend their knowledge in information technology (IT) governance principles and practices may consider taking the CGEIT exam to further their success. The CGEIT certification, offered by the Information Systems Audit and Control Association (ISACA) shows potential employers that the applicant has proved to […]

The post How To Become CGEIT Certified – Certification Requirements appeared first on InfoSec Resources.

How To Become CGEIT Certified – Certification Requirements was first posted on March 30, 2018 at 3:22 pm.
Category: Hacking & Security

CGEIT Certification: Overview and Career Path

30 March, 2018 - 22:14

Introduction: The importance of IT governance for a company is impossible to ignore. Its goal is basically to ensure that the IT infrastructure matches and supports the business goals of an organization in an effective way. From optimizing resources to developing strategies and prioritizing initiatives, a professional expert in governance strives to deliver plans and […]

The post CGEIT Certification: Overview and Career Path appeared first on InfoSec Resources.

CGEIT Certification: Overview and Career Path was first posted on March 30, 2018 at 3:14 pm.
Category: Hacking & Security

CISSP: DoD Cyber Strategy

30 March, 2018 - 21:47

Introduction: The United States is one of the pioneers in elaborating a formal and thorough cyber-strategy for ensuring its national interests in cyberspace. Following the formal declaration of cyberspace as one of the five battlefields (with air, sea, land, and space) in 2009, together with the establishment of United States Cyber Command (USCYBERCOM), the U.S. […]

The post CISSP: DoD Cyber Strategy appeared first on InfoSec Resources.

CISSP: DoD Cyber Strategy was first posted on March 30, 2018 at 2:47 pm.
Category: Hacking & Security

CISSP: DoD 8570 Overview

30 March, 2018 - 21:33

Introduction: Cyberspace has been officially considered a battlefield for approximately a decade in many states. Not only cybercriminals, but also states actively participate in launching cyberattacks aiming at sabotaging their adversaries for both monetary gain and strategic considerations. Consequently, in this troubled water, the defensive side has to overview potential attackers of multidimensional objectives […]

The post CISSP: DoD 8570 Overview appeared first on InfoSec Resources.

CISSP: DoD 8570 Overview was first posted on March 30, 2018 at 2:33 pm.
Category: Hacking & Security

CISSP for Government, Military and Non-Profit Organizations

30 March, 2018 - 21:16

Certified Information Systems Security Professional (CISSP) is an independent information security certification for IT professionals administered by the International Information System Security Certification Consortium, (ISC)². CISSP is recognized globally as one of the leading certifications in the field of IT security. Since 2015, the CISSP curriculum has focused on eight specific aspects. These are: Security […]

The post CISSP for Government, Military and Non-Profit Organizations appeared first on InfoSec Resources.

CISSP for Government, Military and Non-Profit Organizations was first posted on March 30, 2018 at 2:16 pm.
Category: Hacking & Security

CISSP: Salary Data

30 March, 2018 - 21:06

Introduction: As a security professional, you want to ensure that you’re earning a recognized credential that will help you earn more in the information security field. The Certified Information Systems Security Professional (CISSP) certification has become the gold standard here, but what does that translate into in terms of annual average salary? While you can […]

The post CISSP: Salary Data appeared first on InfoSec Resources.

CISSP: Salary Data was first posted on March 30, 2018 at 2:06 pm.
Category: Hacking & Security

CISSP: Current Status

30 March, 2018 - 20:57

While the Certified Information Systems Security Personnel (CISSP) certification has been touted as the gold standard for IT professionals for a long time, that longevity can seem to work against you. Is CISSP certification still relevant in today’s world? Is it still an ideal option for your needs? If you do complete the exam successfully […]

The post CISSP: Current Status appeared first on InfoSec Resources.

CISSP: Current Status was first posted on March 30, 2018 at 1:57 pm.
Category: Hacking & Security

Which Are the Most Exploited Flaws by Cybercriminal Organizations?

30 March, 2018 - 19:23

Which are the weapons in the arsenal of cybercrime gangs? Which are the most exploited vulnerabilities? To respond to these questions, let’s analyze the annual report published by the threat intelligence firm Recorded Future that analyzes the Top Ten vulnerabilities used by crooks. The report is based on the analysis of open, deep, and dark web sources; […]

The post Which Are the Most Exploited Flaws by Cybercriminal Organizations? appeared first on InfoSec Resources.

Which Are the Most Exploited Flaws by Cybercriminal Organizations? was first posted on March 30, 2018 at 12:23 pm.
Category: Hacking & Security