New Cybersecurity Rules for New York Financial Firms
Next week (March 1), new regulations from the New York State Department of Financial Services (DFS) will take effect, giving financial services firms licensed to operate in New York 180 days to improve their security based on new requirements. The regulations cover a slew of issues ranging from the maintenance of written policies, testing, governance
The Personalities That Put the “Crowd” in Bugcrowd (Part 3 of 3)
In the last installment of The Personalities that Put the “Crowd” in Bugcrowd (Part 2 of 3), I discussed the “Full-Timer” and “Virtuoso” personality types as part of the five distinct personalities that make up our crowd of nearly 70,000 security researchers. As stated previously, it’s important to understand researcher motivations if you intend to run a successful
The Personalities That Put the “Crowd” in Bugcrowd (Part 2 of 3)
Previously, in The Personalities that Put the “Crowd” in Bugcrowd (Part 1 of 3), I covered both the “Knowledge-Seeker” and “Hobbyist” personality types as part of the five distinct personalities that make up our crowd of over 65,000 security researchers. In order for companies to run successful bug bounty programs, it’s important to understand researcher motivations – and
The Personalities That Put the “Crowd” in Bugcrowd (Part 1 of 3)
Last week, David Baker (Bugcrowd’s Chief Security Officer) released a blog post discussing why it’s important to understand researcher motivations in order to run a successful bug bounty program. Furthermore – to enable current and future customers to get a better handle on what drives security researchers at Bugcrowd – we released the Inside the
MacOS High Sierra: Getting to the Root of the Problem
What we know so far Earlier today it was publicly disclosed that Apple’s MacOS High Sierra contains a trivially-exploitable flaw, which allows malicious individuals to generate a persistent root access account to your system. It is not readily apparent whether or not this vulnerability is remotely exploitable, but out an of abundance of caution there
Mobile Testing: Setting Up Your Android Device Pt. 1
In this post, I will provide a brief overview of the anatomy of a mobile penetration test, and cover the first step in getting started with mobile testing on an Android device. My goal is to help folks that are new to mobile testing break the barrier of getting started, and debunk the assumption that mobile application