Share your Tips, Tricks and Best Practices with those who love to learn.
- 4 Topics
- 3 Replies
Hi all, As part of a product discovery process we’re at, we wanted to ask our amazing community - what kind of dashboards are currently implemented in your security posture management routine? Which data sources are you fusing into these dashboards? On which platform do you implement these dashboards? (Splunk, Tableau, PowerBI, other tools) Thank you!
Hi all, I am reaching out regarding a major issue we've been hearing about recently. Though it's not new and has been around for a couple of years, it is of vital importance and has become a "standard" bad practice. Organizations allow direct traffic to ANY and from AWS S3 buckets without analyzing, sanitizing or blocking it by web filters etc., potentially exposing the organization to all sorts of attacks. A few words for those of you who don’t know exactly what AWS S3 buckets are. These are AWS Simple Storage Service (S3) and according to Amazon, S3 are commonly used to “store and protect any amount of data for a range of use cases, such as websites, mobile applications, backup and restore, archive, enterprise applications, IoT devices, and big data analytics”. At a high level, S3 consists of “buckets” and “objects”, in which objects are files that are stored in a bucket. Due to the functionality of this service various users at an organization (IT, Dev, Sales, Finance etc.) require it
Most organizations have their MISP infra to gather Open Source intelligence, integrated with Security Orchestration, Automation and Response to block the threat, but there is no way to vet the IOC provided by MISP. How can we make use of Cymulate to check reachability to the IOC gathered from the OSINT? Check data exfiltration capability through the said IOC? Check reputation of the said IOC gathered through and exchanged anonymously within the network of Cymulate and simultaneously being vetted across the various industries post their consent to exchange threat data? Types of IOC to be vetted: IP, IP and Port combination, Email
Hey Community! For those who didn’t notice, OWASP is now updating its Top 10 project (didn’t happen for 4 years): https://owasp.org/Top10/ They have changed the order, merged some categories with others and created some new categories. It is also interesting to see that for the first time there’s a focus on CI/CD security. The number 10 (new) category is SSRF, which was recently added as an attack category in the Cymulate WAF module – check it out.