Author: mathildeexlm

by mathildeexlm

How to test your defence in-depth with the Assume Breach approach

Over the past two years, we have seen growing demand from companies for realistic tests based on breach and crisis simulations. The classic model shows its limits when an application or a network has been tested many times: one can be fairly sure that the first line is secured, yet remain completely blind to what could happen next if it is not.


Newsletter: SWIFT CSP: A change to reinforce the security of the global banking system

Secure the SWIFT Network

In 2016, users of the Society for Worldwide Interbank Financial Telecommunication (SWIFT) in Bangladesh, Vietnam and Ecuador suffered cyber-attacks and incurred huge financial losses. In response to the exponential increase in cyber-attacks and fraud against financial institutions, SWIFT introduced its own Customer Security Programme (CSP) that same year. The main goal of this programme is to ensure and improve the security level of each SWIFT customer, and so to increase confidence in the SWIFT network. To that end, SWIFT proposed three guidelines: Secure your environment, Know and Limit Access, Detect and Respond.


How to watch out for your Infrastructure with a SOC

First, a bit of context. What are these blog posts about? The Cyber Blog Times is all about challenges and knowledge acquisition. How? Simple.

Every month, we will share a new Cyber Blog Post. Each one will introduce one of our core services, helping you better understand Excellium Services as well as cybersecurity. Furthermore, each blog post will give you the chance to challenge yourself and test your knowledge with a small quiz. The more correct answers you get, the more chances you will have to win The Cyber Blog Times final Contest.

Read carefully, be consistent and, above all, get involved! Are you ready? Let’s go.


Password hashing: Be careful about what you hash!

Context of the hashing issue

During a web assessment, Excellium’s Intrusion & AppSec team audited a PHP application where users’ passwords were stored using the bcrypt hashing algorithm. As bcrypt [1] is still a valid and recommended algorithm to hash passwords, compromising passwords [2] should not be an easy task. However, sometimes the devil is in the details.

[1] https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html
[2] https://github.com/danielmiessler/SecLists/tree/master/Passwords/Common-Credentials

 
