Blog – Kenna Security

Vulnerability Management & Risk Intelligence

  • The New Application Attack Surface

    This post comes as a result of a conversation between Tyler Shields, VP Strategy of Sonatype, and me. The way we create, deploy and operate applications has changed in the last few years....

  • Nearly 20% of the 1000 Most Popular Docker Containers Have No Root Password

    Earlier this month, Talos released research showing that the Alpine Linux docker images were shipping with no (or nulled) root passwords. Alpine patched the docker files, and issued their response...

  • Predicting CVE-2019-0708

    UPDATE 20190523: Another WIP POC from @n1xbyte. Currently blue-screening, not landing. UPDATE 20190522: A PoC check (not Exploit!) for XP and Windows 7 is now available with the Metasploit port in...

  • Gaining Visibility in an AppSec World

    It’s no secret that application security professionals face an uphill battle as they attempt to influence development teams to remediate critical application vulnerabilities. But why is it such a...

  • Get Ahead of Zero-Day Vulnerabilities With Kenna Security + Exodus Intelligence

    Zero-day vulnerabilities are unknown vulnerabilities. The exact definition is that they are vulnerabilities that have not been released to the public. The problem is that attackers may discover...

  • “New-School” Vulnerability Management vs. Old-School Vulnerability Management: A 7 Round Smackdown

    I’ve been talking about the benefits of adopting a risk-based approach to vulnerability management (VM) for some time now. Since Jeff Heuer and I founded Kenna Security, in fact. For those of you...

  • Learn How to Build a World-Class Application Security Program

    Despite the growing importance of application security in organizations of all sizes, most face an increasing number of challenges to implement a strong application security program. Custom code,...

  • Genpact Steps Off the Vulnerability Management Treadmill

    John Morin, Customer Success Manager, Kenna Security

    Let’s face it, vulnerability management is challenging. Larger companies can have tens of thousands of assets and millions of vulnerabilities....

  • Kenna Security Makes Noise at RSAC

    Last week, more than 40,000 security professionals packed the relatively small city of San Francisco for the annual RSA Conference (RSAC). As the largest security conference in the world, RSAC...

  • Don’t Stop Me Now: The Race to Remediation Is On

    “That’s why they call me Mr. Fahrenheit, cause I’m patching at the speed of light!” – Freddie Mercury(ish). Over the past several months, my team and I have worked with the Cyentia Institute to...

  • One Hacker’s Guide to the Week of RSAC 2019

    Next week, starting on March 3rd, I will be in the Bay Area for both BSides SF and RSA Conference (RSAC) 2019. As a security professional (and a hacker, the good kind) working for a security...

  • Comprehensive Application Security Requires Open Source Vulnerability Detection

    Modern application security programs have unique requirements based on the complexity of the applications themselves. Apps are comprised of multiple components, including runtime libraries,...

  • CUSTOMER BLOG: Share your opinion and support the Chicago Tech Academy!

    With one of our main offices in the Chicago area, the West Loop to be specific, we’re a big fan of local Chicago initiatives, especially relating to education. Our engineering teams have hosted...

  • From the Desk of the CEO: Looking Back to Look Forward

    With our employee all-hands and sales kickoff event just behind us and RSAC coming in early March, I wanted to take a moment to reflect on what I’ve seen, what I’m thankful for in my time here at...

  • Power to the Partner!

    Just a few weeks ago I headed off to Chicago—yes, into the polar vortex—to join my colleagues and friends at our yearly all-hands and sales kickoff for a week of learning, planning, celebrating....

  • All These Vulnerabilities Rarely Matter

    As security professionals, we’ve all been in a situation where we’ve been presented with a large list of vulnerabilities in our systems, but we have limited time and budget to address them. In...

  • No Pain, No Gain: Why Shifting to DevOps Is Worth It for Your Organization

    I’ve been pretty vocal lately about the need to shift security left and introduce it earlier in the development lifecycle. In fact, in a Dark Reading article I wrote toward the end of last year I...

  • Standard Vulnerability Management Isn’t Enough

    There are dozens of vulnerability scanners on the market today. Their job is to do exactly what their name implies—scan your environment to find vulnerabilities. In fact, these vulnerability...

  • When Vulnerability Management Stops Being Polite & Starts Getting Real

    In my post in December, “Vulns Will Survive,” I shared some interesting data about the survivability rate of vulnerabilities in the enterprise. At the very end of the post, I promised to share...

  • Industry Benchmarks: You Can Get With This, Or You Can Get With That

    In my previous role as a CISO, I probably received two questions far more than any others. The first, “Are we secure?” was a terrible and loaded question that required you to know your audience...
