White Papers & Articles

White Papers

Penetration Hurts: Best Practices to Protect Sensitive Data and Achieve PCI Compliance
Vulnerability Management & Penetration Testing: Partners in Securing the Enterprise Network - Vulnerability Management provides a process that helps companies consistently monitor their IT environment for potential security risks. Those companies that want to go one further and ensure that one vulnerability cannot lead to more destructive attacks can augment their vulnerability management process with penetration testing.
Lock-Picking the eDoor: Knowing How Hackers Find the Weakest Link - Is it possible to predict the probability that a system in an organization’s network will become compromised by a cyber-attack? The weakest link lies somewhere in the electronic business processes, but it is difficult to know exactly where it is located, what it looks like, and how likely it is to be found.

SQL Injection - Web applications that don't properly sanitize user-supplied input enable hackers to alter the construction of backend SQL statement and gain control of the database or execute commands on the system.
Cross-Site Scripting - Web applications that fail to validate user supplied input before returning it to the client system can result in compromised information, stolen authentication cookies, or malicious code execution.
Directory Traversal - Attackers gain access to files in directories outside of the Web server root directory which can lead to a full compromise of the Web server.
Public Hub Traffic - If a device is running in promiscuous mode, a malicious user can eavesdrop on other users in the same network segment.
Modem Intruders - Security threats include numerous modem vulnerabilities involving authorized and unauthorized modem use, often resulting in wide open back doors into the data network, voice systems or other critical infrastructure assets.
Infected Laptops - Laptop users that migrate from network to network can expose your network to viruses, worms or other exposures.
VPN Insecurity - Access to any system that is connected to your network via the VPN provides a means of penetrating the entire network.
Firewall Fallacies - Firewalls cannot protect against URL based attacks or other such exploits that take advantage of flaws in the normal services of a system.