by Michael Fowl | Mar 5, 2019 | AppSec, Pentesting
At VDA Labs, we get to work on challenging information security problems across many technologies and diverse industries. This broad exposure sometimes gives us unique ideas on how to approach challenges we encounter. One of these ideas that we have been using with...
by Michael Fowl | Jan 8, 2019 | Enterprise Security, OSINT, Pentesting, Social Engineering
At VDA Labs we perform several types of penetration assessments that require a critical first step of learning more about our target. A key part of this process is the Open Source Intelligence Gathering (OSINT) phase. We never regret time invested in this step —...
by Dr. DeMott | Jul 11, 2018 | Auditing, Pentesting
We at VDA have noticed that many financial institutions (banks, credit unions, etc.) are getting a vast variety of lower-cost “audits” all the time. Things like: IT Audit, Network Security Audit, Firewall Audit, Password Audit, etc. That’s fine on one...
by Michael Fowl | Jun 5, 2018 | Enterprise Security, Pentesting, Security
In the past, many organizations focused heavily on protecting ingress connections to their network and did not care much about egress connections from their network to the internet. This was less than ideal, because when an attacker or penetration testing team gained...
by Jenny Harrold | Mar 20, 2018 | Pentesting
Recently, VDA was conducting an enterprise software security engagement where we were looking closely at the internal software security practices of a large enterprise. Through that work I got to spend a lot of time with a document called the BSIMM, which is a study...
by Jenny Harrold | Feb 6, 2018 | Pentesting
When VDA Labs conducts internal penetration tests, application security assessments, or product security reviews, we typically use what we call a ‘dropbox’ in order to grant our team members access to the network or system that we are testing. These might...