CONTACT

Appsec Phoenix 

Application Security in London

Capital Office Ltd
Kemp House, 152 – 160 City Rd, London EC1V 2NX


    FAQ


    How do we integrate scanners?
    • Scanners are used in cyber security to detect vulnerable versions of software in a system that are exploitable and used by attackers. We integrate a wide range of scanners such as Acunetix, Dome9/CloudGuard, Fortify Scanner, Netsparker and SNYK, to name a few. Our scanners cover every area of the system: web-facing app risk, software composition, code vulnerabilities, cloud vulnerabilities, dark web exposure, and 3rd party supply chain vulnerabilities.
    • With our scanners, we get the most accurate view of the company’s risk. With this pivotal knowledge, we can take the right steps to fix the vulnerabilities and get back in shape.
    Where do we pick the data?

    Our scanners look at every area of the system such as Web Facing App Risk, Software composition, Code vulnerabilities, Cloud vulnerabilities, Dark web exposure, and 3rd Party Supply Chain vulnerabilities.

    What is the risk formula?
    • Risk is commonly defined with a formula that is as follows: threat x vulnerability x consequence.
    • To better understand the risk formula and how it applies to cybersecurity risk, let’s first break down its component parts:

    Threat

    There are many threat actors out there, including nation states, criminal syndicates and enterprises, hacktivists, insiders, and lone wolf actors. These threat actors play on a variety of motivations, including financial gain, political statements, corporate or government espionage, and military advantage.

    Vulnerability

    Threat actors launch cyber attacks by exploiting vulnerabilities. In cybersecurity, these vulnerabilities lie in a process, a procedure, or a technology.

    For example, an employee may choose to exploit their familiarity with internal processes, procedures, or technology, such as knowing that:

    • Everyone in their company uses the password “12345.”
    • User names consist of an employee’s first and last name.
    • Their organization is very lax on additional security controls like multifactor authentication.

    This failure in both process and technology could then be exploited by said insider. And, of course, there are a number of vulnerabilities in both hardware and software that can be exploited from the outside, such as unpatched software, unsecured access points, misconfigured systems, and so on.

    Consequence

    The consequence is the harm caused to an exploited organization by a cyberattack — from a loss of sensitive data, to a disruption in a corporate network, to physical electronic damage. Consequences from a cybersecurity incident not only affect the machine or data that was breached — they also affect the company’s customer base, reputation, financial standing, and regulatory good-standing. These can be considered direct and indirect costs.

    How to set a threshold?

    You will be able to place a threshold in the dashboard. As you interact with the visual data, you will be given an option to set your threshold in each of the graphs (such as the risk progression line graph). With your newly set threshold, you will be able to see whether your application falls above or below it, as well as which problem areas are keeping that application above the threshold.
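As an added illustration (not Appsec Phoenix code) of the risk formula from the FAQ above and of the threshold check described here: each finding is scored as threat x vulnerability x consequence, scores are summed per application, and the highest-scoring findings that keep the application above the threshold are reported. The 0..1 scales for threat and vulnerability, the cost units for consequence, and the sample findings are assumptions made for the example.

```python
# Added example: scoring findings with risk = threat x vulnerability x consequence
# and checking an application's total against a user-set threshold.
# The scales and the sample findings below are constructed assumptions.
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    app: str
    title: str
    threat: float         # likelihood a threat actor targets this weakness, 0.0-1.0 (assumed scale)
    vulnerability: float  # ease of exploitation, 0.0-1.0 (assumed scale)
    consequence: float    # harm if exploited, in arbitrary cost units (assumed scale)


def finding_risk(f: Finding) -> float:
    """Risk = threat x vulnerability x consequence, as stated in the FAQ."""
    for name in ("threat", "vulnerability"):
        value = getattr(f, name)
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{name} must be within 0..1, got {value}")
    if f.consequence < 0:
        raise ValueError("consequence must be non-negative")
    return f.threat * f.vulnerability * f.consequence


def application_risk(findings, app: str) -> float:
    """Aggregate risk of one application: the sum over its findings."""
    return sum(finding_risk(f) for f in findings if f.app == app)


def threshold_report(findings, app: str, threshold: float):
    """Return (above_threshold, contributors): contributors lists the
    highest-risk findings, most severe first, that must be fixed to bring
    the application's risk down to or below the threshold."""
    total = application_risk(findings, app)
    remaining, contributors = total, []
    for f in sorted((f for f in findings if f.app == app), key=finding_risk, reverse=True):
        if remaining <= threshold:
            break
        contributors.append(f.title)
        remaining -= finding_risk(f)
    return total > threshold, contributors


# Constructed sample findings, not real scan data.
SAMPLE = [
    Finding("billing", "remote code execution in admin API", 0.9, 0.9, 100.0),
    Finding("billing", "reflected XSS on search page", 0.6, 0.5, 20.0),
    Finding("billing", "verbose error page", 0.3, 0.8, 2.0),
    Finding("intranet", "outdated TLS configuration", 0.2, 0.4, 10.0),
]
```

Running `threshold_report(SAMPLE, "billing", 10.0)` shows the application above the threshold with the remote code execution finding as the single problem area that keeps it there.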

    What does override in the threshold mean?

    As you place your initial threshold and view the progression of the application’s risk over time, you will be able to adjust (override) the previous threshold to reflect any new changes in the company. Perhaps the new industry threshold is lower now. You will be able to set

    What are high, medium and low vulnerabilities?
    • CVSS is an industry standard vulnerability metric. You can learn more about CVSS at FIRST.org.
    • Vulnerabilities are grouped into four severity levels: Critical, High, Medium and Low.

    Below are a few examples of vulnerabilities which may result in a given severity level. Please keep in mind that this rating does not take into account the details of your installation and is to be used as a guide only.

    Severity Level: Critical

    Vulnerabilities that score in the critical range usually have most of the following characteristics:

    • Exploitation of the vulnerability likely results in root-level compromise of servers or infrastructure devices.
    • Exploitation is usually straightforward, in the sense that the attacker does not need any special authentication credentials or knowledge about individual victims, and does not need to persuade a target user, for example via social engineering, into performing any special functions.

    For critical vulnerabilities, it is advised that you patch or upgrade as soon as possible, unless you have other mitigating measures in place. For example, a mitigating factor could be that your installation is not accessible from the Internet.

    Severity Level: High

    Vulnerabilities that score in the high range usually have some of the following characteristics:

    • The vulnerability is difficult to exploit.
    • Exploitation could result in elevated privileges.
    • Exploitation could result in a significant data loss or downtime.

    Severity Level: Medium

    Vulnerabilities that score in the medium range usually have some of the following characteristics:

    • Vulnerabilities that require the attacker to manipulate individual victims via social engineering tactics.
    • Denial of service vulnerabilities that are difficult to set up.
    • Exploits that require an attacker to reside on the same local network as the victim.
    • Vulnerabilities where exploitation provides only very limited access.
    • Vulnerabilities that require user privileges for successful exploitation.

    Severity Level: Low

    Vulnerabilities in the low range typically have very little impact on an organization’s business. Exploitation of such vulnerabilities usually requires local or physical system access.

    What are vulnerabilities?
    • In cybersecurity, a vulnerability is a weakness that can be exploited by cybercriminals to gain unauthorized access to a computer system. Every organization has multiple security measures that keep intruders out and important data in. We can think of such security measures as the fence that surrounds your yard. Vulnerabilities are cracks and openings in this fence. After exploiting a vulnerability, a cyberattack can run malicious code, install malware and even steal sensitive data.
    • According to the CWE/SANS Top 25 list, there are three main types of security vulnerabilities:
    • Faulty defenses
    • Poor resource management
    • Insecure connection between elements

    What is SCA?

    SCA, a term coined by market analysts, describes an automated process to identify open source components in a codebase. Once a component is identified, it becomes possible to map that component to known security disclosures and determine whether multiple versions are present within an application. SCA also helps identify whether the age of the component might present maintenance issues. While not strictly a security consideration, SCA also facilitates legal compliance related to those open source components.

    What is SAST?

    Static application security testing (SAST), or static analysis, is a testing methodology that analyzes source code to find security vulnerabilities that make your organization’s applications susceptible to attack. SAST scans an application before the code is compiled. It’s also known as white box testing.

    What are web vulnerabilities?
    • A website vulnerability is a weakness or misconfiguration in a website or web application code that allows an attacker to gain some level of control of the site, and possibly the hosting server. Most vulnerabilities are exploited through automated means, such as vulnerability scanners and botnets.
    • The most common website security vulnerabilities are:
    • SQL Injections. …
    • Cross Site Scripting (XSS) …
    • Broken Authentication & Session Management. …
    • Insecure Direct Object References. …
    • Security Misconfiguration. …
    • Cross-Site Request Forgery (CSRF)

    Where do I specify the value?

    Where do you pick the value?

    How is the value for an application calculated?

    What do the different graphs and the ‘Exposure’ table show, and how are they useful for clients?

    One of the big advantages of security phoenix is that we were able to visualize the complex data that goes behind cyber security and create a narrative that helps you understand how safe your company really is.

    With the risk progression models, we are able to track the overall performance of the company’s risk over time.

    Creating thresholds allows you to manage your company’s risk so that it stays below your designated threshold. Our risk progression line graphs show the threshold you have set overlaid on the risk progression over time. This sheds light on any patterns that arise.

    From the dashboard, you will be able to see the cost of your exposure over time as well as how much can be saved through fixing the exposure.

    The heatmap’s ability to navigate through the most critical risks in the system is unmatched. Seeing at a glance where significant risks are coming from is pivotal to understanding the nature of a vulnerability, how best to mitigate it, and how to prevent similar vulnerabilities from arising.