OWASP Mobile Application Security Verification Standard (MASVS) v2.0 Release Candidate is Coming!
The OWASP Mobile Security Project has been renamed to OWASP Mobile Application Security and is undergoing a major refactoring of the MASVS to simplify and streamline requirements for secure mobile app development. The OWASP Mobile Application Security Testing Guide (MASTG) manual will also be refactored to align with the new MASVS v2.0 controls and create "atomic tests".
- Cloud risk management
- Remote working
When you outsource production, you may risk productivity
Gone are the days of anti-virus updates being applied only when a client is connected to a network segment that has visibility of the internal update services. In this new world, updates are pushed out quickly and automatically from a central cloud service, reducing the exposure time to any potential threat. The security benefit of automatic, fast updates to client systems is obvious. The downside, which can sometimes be measured in terms of productivity, is less so. Productivity benefits are generally why businesses adopt cloud-centric models that allow them to be agile. However, when we do this, we are at the mercy of these platforms. Global outages or incidents in large cloud platforms do not happen often, but when they do, especially at global scale, the ripples are felt everywhere.
- Detect and respond
- News
- Tools and techniques
Exchange Zero Day - CVE-2022-41040 and CVE-2022-41082
Microsoft Exchange is one of the most popular enterprise email products and runs on Windows Server operating systems. In August 2022, researchers at GTSC discovered a flaw in Exchange which allows attackers to obtain remote code execution on affected systems. Critically, this vulnerability affects fully patched Exchange Servers, which makes it a zero-day vulnerability. These vulnerabilities have recently been confirmed by Microsoft as CVE-2022-41040 and CVE-2022-41082.