
News & Updates

Security vs. Ease of Use – Do we have to fight?

One thing no security practitioner will argue with is that there has always been a struggle balancing security vs. ease of use when implementing technology solutions. In meeting after meeting a recurring theme is "{This group} will never agree to doing that!". Thanks...

What color do you want your pentest?

Recently VDA was conducting an enterprise software security engagement where we were looking closely at the internal software security practices of a large enterprise. Through that work I got to spend a lot of time with a document called the BSIMM which is a study...

Does Control Flow Hijack Matter Anymore?

From the 90s to 2015ish, memory corruption bugs in C/C++ programs, which lead to control flow hijacks (think buffer overflows, etc.), were one of the hottest topics in security. There were all kinds of talks, research projects, mitigations like EMET to stop ROP, etc. ...

Top Concerns for CISOs

The one constant in technology is that nothing is constant. Change is happening, faster and faster all the time. All portions of the business should be looking to wisely leverage new tech (e.g. cloud, mobility, blockchain) to better serve the market. As a security...

Meet Our Droids: Penetration Testing Dropboxes

When VDA Labs conducts internal penetration tests, application security assessments, or product security reviews we typically use what we call a 'dropbox' in order to grant our team members access to the network or system that we are testing. These might be physical...

What’s Hot in Cyber?

We're now a month into 2018 and, as usual in this industry, things continue to change. New attacks, major vulnerabilities, technologies for defenders, and industry players are the norm. We wanted to take a step back and share a bit about the new things we are tracking...

Cryptocurrency Basics and Security Fundamentals

Ever since late in 2017 cryptocurrencies have been a hot topic - especially within the security community because it aligns with many other common interests. As a team VDA has been having some lively discussions around cryptocurrency and so we thought we should share...

Rails Vulnerabilities and Where To Find Them – Part 2

Picking up where we left off last week (check out Rails Vulnerabilities and Where To Find Them - Part 1 if you have not), we will be taking a look at some additional common security issues with Ruby on Rails applications and where they are typically found within the...

Rails Vulnerabilities and Where To Find Them – Part 1

Over the past year VDA Labs has conducted application security audits on several Ruby on Rails applications for both local businesses and very large corporations. This has been something of a treat for me personally because it was very interesting to be on the other...

Spectre and Meltdown: The Important Parts

The first full week of 2018 started with a bang in the information security space when two new vulnerabilities were disclosed. These new vulnerabilities, dubbed Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753), allow for sensitive information to be leaked from...

Cyber Safety Tips for 2018

Dr. DeMott from VDA Labs spoke with WZZM13 about the easy steps you can take to be safer online in 2018. These include using strong passwords, a password manager, two-factor authentication, and more. View the video and read the tips here.

Thoughts on Snowden

I still get asked a lot about Snowden. Did you know him? What do you think about him? Rather than try and answer, I simply point them to an interview I did a while back with Bloomberg on the matter. Enjoy! ...