SANS Security Insights

Finding a Cure for Ransomware

By Deb Radcliff, Creative Director, SANS Analyst Program

Ransomware has been around for years. So why are high-cost, invasive ransomware attacks making so much news these days? Simply put, criminals go where the money is. And there's still a lot of money to be had in ransomware attacks because victims pay the ransoms.


Create an Action Plan for Insider Threat

By Deb Radcliff, Creative Director, SANS Analyst Program

In less than a month, two high-loss insider attacks made big news. In the Capital One breach, an Amazon engineer heisted more than 100 million customer records by using her inside knowledge to break through a misconfigured firewall in a Capital One cloud server hosted at Amazon EC2. Then, less than 30 days later, a former insider from Google was formally indicted for stealing Google's self-driving-car secrets and transferring them to his new employer, Uber.


Pilots in Control: Aviation Hacking Myth Debunked

By Barbara Filkins, ATP and Certified Flight Instructor, Research Director, SANS Analyst Program

Rapid7's Black Hat announcement around the inherent weakness of the CAN bus avionics systems used in some small aircraft did not focus on any new vulnerabilities. CAN, as well as most monitoring and control protocols in general use, has no authentication of source or data, as well as no native encryption.


Don't Fear DevOps: Black Hat 2019

Embrace DevOps as part of the new business culture, says respected researcher Dino Dai Zovi, Staff Security Engineer, Square.

By Deb Radcliff, Creative Director, SANS Analyst Program

BLACK HAT 23, LAS VEGAS - During his keynote at the Black Hat security conference last Wednesday, Dino Dai Zovi, Staff Security Engineer at Square, challenged the audience to fully immerse themselves in DevOps in order to support today's pace of web- and cloud-based business.


Writing the Book on Hacking Web Applications

By Deb Radcliff, Creative Director, SANS Analyst Program

If you like attacking web apps, you'll want to check out the new, interactive book "The Penetration Tester's Guide to Web Applications."

Don't let the sleeper title fool you. This book is actually more like a training course that makes learning fun. It's filled with relatable graphics, real-world examples and links to hands-on labs for testing hacks against the OWASP Top 10 vulnerabilities that are exploited on web apps.