
News & Updates

Great Time at RSA

VDA Labs was at RSA this year.  Such a big event!  Great for networking. I was also fortunate enough to be selected to speak.  We at VDA Labs have a real heart for seeing our customers succeed in being more secure, and in helping develop their staff.  So, I spoke on...

Social Engineering is on the Rise

Social Engineering is the number 1 way people and businesses are getting compromised.  Legitimate-looking emails trick HR/Finance into sending W2s, wiring money, or clicking malicious links and attachments.  I recently partnered with news station WWMT to show home...

Investigating Hacks: Call to Action

VDA Labs has been doing more incident response lately.  I’m writing this blog to warn businesses in the area to take security seriously.  I’ve seen too many small and midsize businesses get hacked.  Ransomware is the number one threat.  Other scams like wire fraud are...

2017 Cyber Predictions

Well, it’s that time of year.  Everyone is wrapping up 2016 and planning for 2017.  In cyber, we tend to have a tradition of making predictions.  Security continues to be a hard problem, so here are my thoughts:   We will see death from hacking pick up in the...

Application Security Audit

So, you want to check the security of an in-house developed application?  Great! Doing this a couple times a year is very important.  Here are a few questions to ask your auditor: Do they just scan the code with tools, or do they also have experts on staff to understand...

Cyber Regulation – Software Security

I’ve been asked if, and if so, what type of cyber regulation is needed.  Here are some thoughts: I do think carefully thought out regulation is required.  Too many or too specific laws would hamper industry.  But basic safety standards should exist.  Here’s one...

Pentesting

VDA Labs is often asked about doing pentests.  What’s interesting is how that word means different things to different people.  Sometimes what they really want is a pentest of an app or system.  A system can be audited based on design, machine or manual code analysis,...

Derby, Grr, Retr3at, and ToorCon

Busy fall here at VDA Labs.  We’ve trained at Derby and have ToorCon still coming.  And we’ll be speaking at all of those.  I hope you can make it to one, and come say “hi”!  One thing I love about DerbyCon is that they release the videos right away, which allows us...

Are PenTesters Worried about Machine Learning?

Nope.  They bypass tools like Cylance all the time.  Static ML before execution can be useful to classify known threats and commodity malware.  But APT and pentesters do not work like that.  Modern pentesters do not even use exploits/exes much.  They guess passwords,...

Is Black Hat Still a Good Security Conference?

The very best actually.  The people.  The trainings.  The talks.  The vendors.  The networking (hi to my OSI friends).  The parties (thx Synopsys for another fun CodenomiCON).  Every year, I see old friends from awesome companies that I only see once a year in Vegas...

Is an SDLC Really Needed?

You’ve probably heard about needing a software security development lifecycle (SDL or SDLC)?  SDL was a push that Microsoft led the charge on after Bill Gates’ seminal memo for better software quality and security in 2002.  The picture below provides an overview of...

What Should I do about Software Protection?

Companies often ask me, “what do I need to do to better protect my software?”  And it of course depends on a great many things.  That’s where having a trusted partner can help: we help you sift through the details, pentest what you have, and help you engineer a better...

Website Security from a Business Perspective

I was recently asked to comment on the compromise, or hack (although I don't like to use that term in the context of criminal behavior), of a very popular regional website (see my comments here).  The site's homepage was replaced with an image of the...

VDA Labs Training

Welcome to VDA Labs! 18 years ago I started hacking.  A few years after that, I discovered my passion for sharing the knowledge I was rapidly gaining. Contact us at info@vdalabs.com to find out how we can help your organization.  Looking forward to meeting you soon....