Security Vulnerabilities
Blog Posts
10 Types of Application Security Testing Tools: When and How to Use Them
Bugs and weaknesses in software are common: 84 percent of software breaches exploit vulnerabilities at the application layer....
• By Thomas Scanlon
In CERT/CC Vulnerabilities

How to Get the Most Out of Penetration Testing
There are many reasons for an organization to perform a penetration test of its information systems: to meet compliance standards, test a security team's capabilities....
• By Michael Cook
In CERT/CC Vulnerabilities

8 At-Risk Emerging Technologies
by Dan Klinedinst, Vulnerability Analyst, CERT Division. As the world becomes increasingly interconnected through technology, information security vulnerabilities emerge from the deepening complexity. Unexpected interactions between hardware and software components can magnify the …
• By Dan J. Klinedinst
In CERT/CC Vulnerabilities

The Consequences of Insecure Software Updates
In this blog post, I discuss the impact of insecure software updates as well as several related topics, including mistakes made by software vendors in their update mechanisms, how to …
• By Will Dormann
In CERT/CC Vulnerabilities

The Twisty Maze of Getting Microsoft Office Updates
While investigating the fixes for the recent Microsoft Office OLE vulnerability, I encountered a situation that led me to believe that Office 2016 was not properly patched. However, after further …
• By Will Dormann
In CERT/CC Vulnerabilities

Windows 10 Cannot Protect Insecure Applications Like EMET Can
Recently, Microsoft published a blog post called Moving Beyond EMET that appears to make two main points....
• By Will Dormann
In CERT/CC Vulnerabilities

CVD Series: Principles of Coordinated Vulnerability Disclosure (Part 2 of 9)
This is the second post in a series about Coordinated Vulnerability Disclosure (CVD). The material in this series represents a collective effort within the CERT/CC Vulnerability Analysis team. As such, it's …
• By Garret Wassermann
In CERT/CC Vulnerabilities

CVD Series: What is Coordinated Vulnerability Disclosure? (Part 1 of 9)
This is the first post in a series about Coordinated Vulnerability Disclosure (CVD). In this series, we will discuss why CVD is an important part of the modern software development …
• By Garret Wassermann
In CERT/CC Vulnerabilities

Bypassing Application Whitelisting
Application whitelisting is a useful defense against users running unapproved applications....
• By Will Dormann
In CERT/CC Vulnerabilities

Who Needs to Exploit Vulnerabilities When You Have Macros?
Recently, there has been a resurgence of malware that is spread via Microsoft Word macro capabilities....
• By Will Dormann
In CERT/CC Vulnerabilities
