
News & Updates

Security vs. Ease of Use – Do we have to fight?

One thing no security practitioner will argue with is that there has always been a struggle balancing security vs. ease of use when implementing technology solutions. In meeting after meeting a recurring theme is "{This group} will never agree to doing that!". Thanks...

What color do you want your pentest?

Recently VDA was conducting an enterprise software security engagement where we were looking closely at the internal software security practices of a large enterprise. Through that work I got to spend a lot of time with a document called the BSIMM, which is a study...

Does Control Flow Hijack Matter Anymore?

From the 90s to 2015ish, memory corruption bugs in C/C++ programs, which lead to control flow hijacks (think buffer overflows etc.), were one of the hottest topics in security. There were all kinds of talks, research projects, mitigations like EMET to stop ROP, etc. ...

Top Concerns for CISOs

The one constant in technology is that nothing is constant. Change is happening, faster and faster all the time. All portions of the business should be looking to wisely leverage new tech (e.g. cloud, mobility, blockchain) to better serve the market. As a security...

Meet Our Droids: Penetration Testing Dropboxes

When VDA Labs conducts internal penetration tests, application security assessments, or product security reviews, we typically use what we call a 'dropbox' in order to grant our team members access to the network or system that we are testing. These might be physical...