PCI DSS requires that organizations build and maintain a secure network, including the secure configuration of firewalls and routers. By leveraging network security controls, organizations can prevent criminals from...

Security Innovation has built a fun and engaging vulnerability hunting training ground we call CMD+CTRL. We’ve designed 5 separate vulnerable websites and an insecure Android mobile app of differing levels of difficulty...

New York State proposed new security regulations, known as 23 NYCRR 500, which apply to financial services companies and go into effect on March 1, 2017. The new rules outline steps that financial service institutions...

The answer: Both... if you want optimized coverage.

Most organizations have countless software applications they need to secure, but strict budgets and resources to do so. To ensure the right breadth and depth of test...

Fifty years ago, high atop Launch Complex 34 at Cape Canaveral, a spark caused by faulty wiring ignited flammable materials in the pure oxygen environment inside the Apollo 1 capsule during a "plugs out" test. Astronauts...

At Security Innovation, our tech-enabled services leverage dozens of internally developed scanners, parsers, scripts and other tools to make our software security testing more efficient. However, authorization testing...

Hackers continue to use new techniques to wreak havoc on software applications and get access to sensitive data. The most effective way to reduce broad-scale application security risk is to conduct threat modeling...

As part of Security Innovation's internship program, I spent a month conducting extensive research on Android malware; in particular, the automated analysis of malware for the purpose of uncovering insights that can help...

The year 2016 has been a consistent reminder that hackers are still hard at work looking to take down top organizations around the world. During this year, we’ve focused on educating our readers about these attacks and...

While I realize that the reason DREAD has withstood the test of time is due to its simplicity and clarity, I think that accuracy and a clear "you need to do something now" are essential.