10 Types of Application Security Testing Tools: When and How to Use Them

Bugs and weaknesses in software are common: 84 percent of software breaches exploit vulnerabilities at the application layer....

July 8, 2018 • By Thomas Scanlon

In CERT/CC Vulnerabilities

How to Get the Most Out of Penetration Testing

There are many reasons for an organization to perform a penetration test of its information systems: to meet compliance standards, test a security team's capabilities....

January 22, 2018 • By Michael Cook

In CERT/CC Vulnerabilities

8 At-Risk Emerging Technologies

by Dan KlinedinstVulnerability AnalystCERT DivisionAs the world becomes increasingly interconnected through technology, information security vulnerabilities emerge from the deepening complexity. Unexpected interactions between hardware and software components can magnify the …

October 22, 2017 • By Dan J. Klinedinst

In CERT/CC Vulnerabilities

The Consequences of Insecure Software Updates

In this blog post, I discuss the impact of insecure software updates as well as several related topics, including mistakes made by software vendors in their update mechanisms, how to …

June 29, 2017 • By Will Dormann

In CERT/CC Vulnerabilities

The Twisty Maze of Getting Microsoft Office Updates

While investigating the fixes for the recent Microsoft Office OLE vulnerability, I encountered a situation that led me to believe that Office 2016 was not properly patched. However, after further …

April 12, 2017 • By Will Dormann

In CERT/CC Vulnerabilities

Windows 10 Cannot Protect Insecure Applications Like EMET Can

Recently, Microsoft published a blog post called Moving Beyond EMET that appears to make two main points....

November 20, 2016 • By Will Dormann

In CERT/CC Vulnerabilities

CVD Series: Principles of Coordinated Vulnerability Disclosure (Part 2 of 9)

This is the second post in a series about Coordinated Vulnerability Disclosure (CVD).The material in this series represents a collective effort within the CERT/CC Vulnerability Analysis team. As such, it's …

October 3, 2016 • By Garret Wassermann

In CERT/CC Vulnerabilities

CVD Series: What is Coordinated Vulnerability Disclosure? (Part 1 of 9)

This is the first post in a series about Coordinated Vulnerability Disclosure (CVD). In this series, we will discuss why CVD is an important part of the modern software development …

September 26, 2016 • By Garret Wassermann

In CERT/CC Vulnerabilities

Bypassing Application Whitelisting

Application whitelisting is a useful defense against users running unapproved applications....

June 29, 2016 • By Will Dormann

In CERT/CC Vulnerabilities

Who Needs to Exploit Vulnerabilities When You Have Macros?

Recently, there has been a resurgence of malware that is spread via Microsoft Word macro capabilities....

June 7, 2016 • By Will Dormann

In CERT/CC Vulnerabilities