Stephanie Bond
Entersoft is an award winning application security company with a philosophy of security by design and DevSecOps.
Stephanie Bond 2019-07-11

Entersoft hosted the Brisbane Hackfest earlier this month, as a practical, ethical hacking event to test digital assets of participating companies for vulnerabilities and fix them immediately with the help of our expert cybersecurity team.

The 2-day program was organised in collaboration with AustCyber, Advance QLD and OCQE at The Precinct, Brisbane, Queensland.

Businesses from a variety of backgrounds, hailing from across the Australian continent participated to have their product security validated and proactively strengthened.

Vulnerabilities across all severity levels - low, medium, high and critical - were identified across their products.

The highly competitive nature of the event ensured that hackers strived to uncover bugs quickly.

It was a great opportunity for startups and SMEs to secure their applications and educate their product developers on the need for and importance of application security.

For more details: https://blog.entersoftsecurity.com/24-hours-5-hackers-7-products-secured

Stephanie Bond 2019-04-02

Cybercriminals worldwide target blockchain businesses with a variety of attacks including phishing, making a fool of them every single day.

Especially with the weakest links being people, phishing attacks have grown drastically both in number and in sophistication building mistrust in the entire industry.

A good example of this is the phishing attack on the tZero website where scammers created an exact replica of the original website with a weblink Țzero.com instead of Tzero.com - replacing the T with a T-comma (Ț).

As a blockchain business dealing with large-scale financial processes and investment management, Tzero faced the risk of losing money, business and reputation.

However, phishers went the extra mile in creativity, acquiring an https:// certificate for the fake site, tricking users into believing that it was the actual thing.

In addition to creating an entirely similar website in the address of énvion.org, the scammers also got the site an https:// certificate, making it seem all the more genuine.

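A defender-side check for the kind of look-alike domain the post describes, as an added example that is not Entersoft's code: each candidate name is decoded from punycode if needed, reduced to an ASCII skeleton (NFKD decomposition with combining marks dropped) and compared with the brand domains being defended, so that Țzero.com and énvion.org are reported as imitations of tzero.com and envion.org. The brand list, the observed names and the helper names are constructed for this example.

```python
"""Flag look-alike domains built from Unicode confusables.

Added example for the tZero post above; it is not Entersoft's code. The scam
domain swapped the Latin T of Tzero.com for Ț (T with comma below), and
énvion.org swapped e for é. Each candidate is decoded from punycode if it
arrives as xn--, reduced to an ASCII skeleton (NFKD, combining marks dropped,
lowercased) and compared with the brand domains we defend. Everything below
is constructed for the example.
"""
import unicodedata

# Constructed: the domains this defender owns and wants look-alikes reported for.
BRAND_DOMAINS = {"tzero.com", "envion.org"}

# Punycode form computed here rather than typed in, so it is exact.
PUNYCODE_ENVION = "énvion.org".encode("idna").decode("ascii")

# Constructed: names seen in a feed such as newly issued TLS certificates
# (the post notes that the fake sites obtained https certificates).
OBSERVED = ["Tzero.com", "Țzero.com", "énvion.org", PUNYCODE_ENVION, "example.com"]


def to_unicode(domain: str) -> str:
    """Decode punycode (xn--) labels so the skeleton sees the real characters."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain  # already Unicode (or malformed punycode): analyse as given


def skeleton(domain: str) -> str:
    """ASCII skeleton: decompose, drop combining marks, lowercase.

    This catches the diacritic class of confusables the post describes (Ț, é).
    Cross-script look-alikes such as Cyrillic letters need the Unicode
    confusables table (UTS #39) on top of this.
    """
    decomposed = unicodedata.normalize("NFKD", to_unicode(domain))
    return "".join(c for c in decomposed if not unicodedata.combining(c)).lower()


def classify(domain: str) -> tuple:
    """Return (verdict, brand): 'exact', 'lookalike' or 'unrelated'."""
    actual = to_unicode(domain).lower()
    if actual in BRAND_DOMAINS:
        return "exact", actual
    skel = skeleton(domain)
    if skel in BRAND_DOMAINS:
        return "lookalike", skel
    return "unrelated", None


def report(domains) -> list:
    """Only the look-alikes, each paired with the brand it imitates."""
    hits = []
    for d in domains:
        verdict, brand = classify(d)
        if verdict == "lookalike":
            hits.append((d, brand))
    return hits


if __name__ == "__main__":
    for observed, brand in report(OBSERVED):
        print(f"{observed!r} imitates {brand}")
```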
Stephanie Bond 2019-03-12

Banks regularly partner with Fintech startups to implement innovative technologies such as Robo advice, Chatbots, KYC and Regtech, Blockchain, Wealth Management, Artificial Intelligence, Big Data and so on.

Entersoft has helped over 30 Fintech companies in Australia, Singapore, HongKong and India win big banks as their customers.

We followed a proactive approach to help our customers successfully sign up with banks like NAB, ANZ, Macquarie, Standard Chartered and UBS.

If you don’t have any existing compliance practices and certifications in place, they will ask you to fill out a questionnaire to evaluate your product security posture.

Most Fintech startups panic and struggle when they come across the never ending checklist.

A lot of questions asked by banks are also outdated and not applicable to Fintech products.

Stephanie Bond 2019-02-28

IoT devices go through one-time authentication which makes them vulnerable to infiltration and nefarious attacks, with each type vulnerable to different kinds.

Some primary forces driven by the adoption of IoT are:

Creation of Business Opportunities: The connected world of devices, people and data helps create numerous business opportunities for many sectors.

Strategic Decision-Making: Real-time updates offer resources to improve decision making and make fact finding more accurate.

Reduction in costs of Components: Costs of IoT components have significantly gone down, which effectively means that the cost of IoT-linked devices is getting more affordable day by day.

The Internet of Things ecosystem is growing at a rapid pace.

Stephanie Bond 2019-06-20

Conventional approaches rely entirely on a single type of testing - either manual or automated web scanners - leaving business leaders in a difficult spot of choosing one way or the other for their products.

While manual testing brings nuanced and intuitive strategy to the table, it could cause human errors while taking several days to deliver results.

On the other hand, automated tools that give instant results, do not promise the intuition that an actual human contributes.

A system is only as secure as its weakest link, and all it really takes for a malicious hacker is to identify that weak link and sabotage it.

And in today’s digitally-driven world, odds are that a breach is just around the corner.

The whole is greater than the sum of its parts

Read more: https://blog.entersoftsecurity.com/what-is-your-approach-to-security-manual-testing-or-a-web-scanner

Stephanie Bond 2019-03-21

Client is one of the world's leading Bitcoin and Digital Currency exchanges, where investors, traders and everyday people come to sell and buy Bitcoin and Ether.

Having a security loophole in their product could be devastating.

Client approached a lot of cyber security companies and most of them proposed standard penetration testing.

Know how Entersoft helped them to be secure and hack proof.

With over 70,000 customers, they have processed over $100m worth of transactions.

They provide simple tools to manage digital currencies and use multi-factor authentication (e.g.

Stephanie Bond 2019-03-11

XSSJacking can help attackers reach sensitive information for which they would normally need a more complex security flaw, such as a stored XSS (Cross-Site Scripting) or CSRF (Cross-Site Request Forgery), issues which most websites tend to fix when reported.

Clickjacking is a technique that fools users into taking actions they didn't intend to.

For example, an attacker can place various buttons on a malicious website.

XSSJacking chains together three attack techniques.

Here is where the second technique comes in, called Self-XSS, which is a type of XSS that typically can only be triggered by a user typing in an XSS payload which triggers on themselves.

For example, if the attacker aligns his iframe, so the user interacts with a form field on the legitimate website, the user can insert text into that field without even knowing.

Stephanie Bond 2019-02-27

Entersoft emerged victorious as "Best Fintech Startup of 2017" and "Outstanding Application Security Solutions Provider" at the 2017 ET NET FinTech Awards for their proactive and offensive approach with DevSecOps, which assesses applications for various security loopholes.

With increasingly sophisticated hacks happening every day - putting more and more FinTechs at risk, we are working hard towards cyber security maturity for our customers.

Being a Cyber security company, to win Best Fintech of the year is a thrilling and exciting time for us.

“Our approach is a combination of offensive assessment, proactive monitoring and pragmatic managed security which provides highly cost effective and reliable solutions to some of the most pressing problems in an elegant manner,” he added.

“Hong Kong has all the ingredients to be the global and regional FinTech hub.

It is one of the international financial centers, the freest economy, rule of law, large talent pool, a strong legacy of trade and work ethic”, said Charles d’Haussy, the Head of FinTech at Invest Hong Kong (InvestHK).

Stephanie Bond 2019-05-09

So we are going to make a big effort in this stream, to make sure that we explain technologies, Blockchain, artificial intelligence and their impact on finance and data protection.

So far we have worried about factories, about human capital, but from now on data is going to be a very important asset that companies will monetize, and because of that we need to protect that asset.

Money is the currency of transactions and trust is the currency of relationships.

The GDPR defines "a personal data breach as a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed".

Importance Of Using Unique Passwords

Today I'd like to talk about passwords and password hygiene and the importance of using unique passwords with every site that you interact with.

Read more: https://importanceofcybersecurity.blogspot.com/2019/05/best-practices-for-data-breaches.html

Stephanie Bond 2019-03-18

Driven by digital innovation, fintech is rapidly changing the way individuals and businesses perform financial transactions, be it to shop online, pay insurance premiums, evaluate credit scores or pay salaries.

Revolutionising the experience of monetary exchanges globally, fintech is pegged to grow at a CAGR of 72.5% between 2015 and 2020, reaching USD 72 billion, in the Asia-Pacific region alone.

Given that it is literally the industry of money, fintech is an enticing target for cyber-criminals desiring to become rich instantly.

For example, the Lazarus hacks of the SWIFT banking network in 2015 and 2016, leading to millions of dollars lost from several banks, have been remarked as “attacks that might put even the largest banks out of business.”

There is no silver bullet to security

One of the key reasons why a secure environment in fintech is complex to achieve is that the industry itself is heavily segmented and diverse in nature.

Read more: https://blog.entersoftsecurity.com/how-secure-is-your-fintech-business

Stephanie Bond 2019-03-05

In our interview for this month, we venture into one of the most trending topics these days and try to understand a decentralized application built on the Ethereum blockchain - WandX.

The entire concept of a blockchain is to keep it decentralized.

The apple farmer signs a deal with the apple pie manufacturer, saying that, six months down the line, I will sell 10,000 apples to you at Re.

Another example is a company called Golem, which is a decentralized cloud storage platform.

If you have 1 GB of data, it is split into 100 MB chunks, which are further distributed across thousands of machines on the encrypted network, all over the world.

Anyone using our platform has to use the Wand token, which acts as a loyalty point that will facilitate trade with other tokens.

Stephanie Bond 2019-02-26

ICO attacks are the new normal in 2018.

On average, 10 ICOs get hacked every month.

Successful ICOs are all about correct execution.

Most founders do not factor in the required cyber security practices to launch tokens and end up losing millions to silly hacks.

ICO startups are left with very few options after a heist.

ICOs budget an average of $70,000 to raise $1 Million.

Stephanie Bond 2019-05-03

Does your team know the simple best practices to follow to make your web app secure?

Here is a checklist that can help your team build robust and secure applications.

Use Strict Contextual Escaping (SCE); most JavaScript frameworks these days help you with this escaping.

The domain entry in the URL should be considered and redirected properly, i.e., the user might try it in any of the following fashions:

Entering the URL in any of the above mentioned ways should redirect to https://www.example.com.

Do not use obsolete encryption and hashing algorithms like MD4, MD5, SHA1, DES.

Web App security

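The redirect item of the checklist, as an added example that is not Entersoft's code: whatever scheme and host variant a user types for the checklist's example.com, the application answers with a single redirect to https://www.example.com, keeping path and query, while a request for a host it does not own is refused, since redirecting to an arbitrary Host value would itself be an open redirect. The set of owned hosts and the variants tried are constructed, as the checklist's own list of variants did not survive on the page.

```python
"""Canonical-host redirect for the checklist item above (added example).

Every scheme/host spelling of the constructed owned hosts maps to the one
canonical origin https://www.example.com. Hosts outside OWNED_HOSTS raise,
because blindly redirecting whatever Host header arrives is an open redirect.
"""
from urllib.parse import urlsplit, urlunsplit

CANONICAL_SCHEME = "https"
CANONICAL_HOST = "www.example.com"
# Constructed: the hostnames this deployment actually serves.
OWNED_HOSTS = {"example.com", "www.example.com"}


def canonical_redirect(requested_url: str):
    """Return the 301 target for requested_url, or None if already canonical.

    Raises ValueError for a host we do not own, so the caller answers 400/404
    instead of bouncing the user somewhere we do not control.
    """
    parts = urlsplit(requested_url)
    host = (parts.hostname or "").lower()
    if host not in OWNED_HOSTS:
        raise ValueError(f"not an owned host: {host!r}")
    if parts.scheme == CANONICAL_SCHEME and parts.netloc.lower() == CANONICAL_HOST:
        return None
    # Path defaults to "/", query is preserved, fragment is dropped (never sent).
    return urlunsplit((CANONICAL_SCHEME, CANONICAL_HOST, parts.path or "/", parts.query, ""))


# Constructed: the ways a user might type the address.
VARIANTS = [
    "http://example.com/login?next=1",
    "HTTP://WWW.Example.com/login",
    "https://example.com/",
    "https://www.example.com:443/a",
    "https://www.example.com/a",
]

if __name__ == "__main__":
    for url in VARIANTS:
        print(url, "->", canonical_redirect(url) or "(already canonical)")
```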
Stephanie Bond 2019-03-15

FBI Director Robert Mueller once said, “There are only two types of companies: those that have been hacked, and those that will be.” Every business, no matter its industry or scale, is a potential target and unless there is a strong security culture in place, odds are that a breach will occur, causing a loss of information, leakage of critical data or direct financial fraud.

A 2018 study by Ponemon and IBM estimated the global average cost of a data breach at over $3.86 million, a stunning 6.4 per cent increase since the last year.

HBO recently lost 1.5 terabytes of data, including TV show episodes, scripts, manager emails and some actors’ personal information.

Economic Impact: A recent Frost & Sullivan report estimated that a large enterprise in the APAC region can potentially incur over 30 Million USD in cybersecurity breaches every year.

This not only affects their operational productivity but also hampers their innovation and research capabilities, setting back their growth by months.

This forced Sony Entertainment to shut down operations for an entire month before the situation could be managed.

Stephanie Bond 2019-03-01

OWASP has also dropped their long-time vulnerability due to its lack of importance in present-day application security.

They probably thought that it could be replaced by a more contemporary one.

In 2007, OWASP split Broken Access Control into these two categories to bring more attention to each half of the access control problem (data and functionality).

2013-A4: Insecure Direct Object References:

A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, or database key.

2013-A7: Missing Function Level Access Control:

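One server-side check for each of the two 2013 categories named in the post, as an added example that is neither OWASP's nor Entersoft's code: for A4, the invoice id taken from a URL such as /invoice/1002 is a direct reference to a database key and is resolved only after an ownership check; for A7, the delete function is authorised on the server regardless of whether the UI shows a button for it. The users, roles and invoice store are constructed, and the insecure variants are kept beside the fixed ones to show the exact difference.

```python
"""Object-level (2013-A4) and function-level (2013-A7) access control checks.

Added example, not OWASP's or Entersoft's code. Users, roles and the invoice
store are constructed; the insecure handlers show the flaw, the others the fix.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    name: str
    role: str  # constructed roles: "customer" or "admin"


class Forbidden(Exception):
    """Raised when a request fails either access-control check."""


def make_store() -> dict:
    """Constructed invoice table keyed by the integer that appears in the URL."""
    return {
        1001: {"owner": "alice", "amount": 120},
        1002: {"owner": "bob", "amount": 980},
    }


# ---- 2013-A4: Insecure Direct Object Reference ----

def get_invoice_insecure(user: User, store: dict, invoice_id: int) -> dict:
    """The flaw as the post describes it: the key from the URL is dereferenced
    with no ownership check, so any authenticated user reads any invoice."""
    return store[invoice_id]


def get_invoice(user: User, store: dict, invoice_id: int) -> dict:
    """Object-level check: the reference resolves only for its owner or an admin.

    Missing and foreign ids get the same error so the endpoint does not reveal
    which ids exist.
    """
    record = store.get(invoice_id)
    if record is None or (record["owner"] != user.name and user.role != "admin"):
        raise Forbidden(f"{user.name} may not access invoice {invoice_id}")
    return record


# ---- 2013-A7: Missing Function Level Access Control ----

def delete_invoice_insecure(user: User, store: dict, invoice_id: int) -> None:
    """The flaw: the delete button is hidden from customers in the UI, but the
    server never checks the role, so a hand-made request still deletes."""
    store.pop(invoice_id, None)


def delete_invoice(user: User, store: dict, invoice_id: int) -> None:
    """Function-level check enforced on the server before any work is done."""
    if user.role != "admin":
        raise Forbidden(f"{user.name} is not permitted to delete invoices")
    store.pop(invoice_id, None)


def denied(fn, *args) -> bool:
    """True if the call was rejected by an access-control check."""
    try:
        fn(*args)
    except Forbidden:
        return True
    return False
```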
Stephanie Bond 2019-02-25

Adobe Flash Player is prone to an unspecified remote code-execution vulnerability.

Adobe Flash Player version 28.0.0.137 and prior versions are vulnerable.

More than 1 billion devices are addressable today with Flash technology.

More than 20,000 apps in mobile markets, like the Apple App Store and Google Play, are built using Flash technology.

24 of the top 25 Facebook games were built using Flash technology.

The top 9 Flash technology-enabled games in China generated over US$70 million a month.
