Latest Posts

Devo Achieves ATO, and Federal CISOs Gain Another Key Resource

Featured Posts
Devo Achieves ATO, and Federal CISOs Gain Another Key Resource

Jan 19, 2024

Seeking SaaS: FedRAMP Launches Modernization and 10X Increase

Nov 22, 2023

Ripcord Transforms, Anitian Empowers, Agencies Win

Oct 25, 2023

Revving Up for Rev5, Part 3: Recommendations and Timelines

Aug 22, 2023

Revving Up for Rev5, Part 2: SCRM, Privacy and Encryption

Aug 1, 2023

All Posts

andrew.plato

October 13, 2018

Owning SAML

Exploiting a SAML Implementation and SAML Vulnerability During a recent web application test, I discovered a bug in a Security Assertion…

Read More

andrew.plato

August 10, 2018

The NGFW is Dead

Let’s get this out of the way: the next-generation firewall (NGFW) is dead. The cause of death: cloud. However, this is…

Read More

andrew.plato

April 2, 2018

A Study in Exploit Development – Part 2: Taking it to the Next Level

Welcome to Part 2 of this 2-part blog series looking at the details of exploring and validating an exploit! If you…

Read More

andrew.plato

March 27, 2018

A Study in Exploit Development – Part 1: Setup and Proof of Concept

A Study in Exploit Development: Easychat SEH exploit A typical penetration test involves automated compliance scanning to identify vulnerabilities, followed by…

Read More

andrew.plato

March 5, 2018

The Top Five SOC 2 Compliance Questions Answered

SOC2 compliance is a must-have for SaaS companies. Anitian's VisionPath compliance team looks at your road to SOC2 compliance.

Read More

andrew.plato

February 23, 2018

How to Make PCI Compliance a Little Easier for Everyone

Before we begin, there’s one thing to make very, very clear: You cannot outsource ALL compliance! I do not care what…

Read More

andrew.plato

February 6, 2018

The Human Firewall is a Lie

It is delusional to think we can deprogram millennia of human evolution because information security is difficult. The human firewall is…

Read More

andrew.plato

November 30, 2017

Ulterius Zero Day Disclosure

How Anitian discovered a zero day vulnerability in the Ulterius remote access software, and wrote an automated exploit tool.

Read More

andrew.plato

November 30, 2017

Ulterius Zero Day Disclosure

How Anitian discovered a zero day vulnerability in the Ulterius remote access software, and wrote an automated exploit tool.

Read More
GDPR is Coming - Anitian

andrew.plato

November 15, 2017

GDPR is Coming

GDPR has rapidly devolved into a touchstone for everything from vendor FUD to political frothing. It has been hailed as a huge…

Read More
Webinar Video: PCI Compliance for AWS Cloud - Anitian

andrew.plato

October 26, 2017

Webinar Video: PCI Compliance for AWS Cloud

Anitian wrote the book on PCI Compliance for AWS (along with the team at AWS). How do you make AWS environments…

Read More

andrew.plato

September 5, 2017

What’s New in NIST 800-53 R5

The new NIST 900-53 Revision 5 is out, and we look at the changes.

Read More

andrew.plato

August 10, 2017

ISO 27001 – Part 3 – The Audit

ISO 27001 audits are not like other kinds of security assessments

Read More

andrew.plato

August 9, 2017

ISO 27001 – Part Two – Building an ISMS

Learn the six steps to building an ISO 27001 ISMS

Read More

andrew.plato

August 8, 2017

ISO 27001 Compliance – Part 1 – The Fundamentals

ISO 27001 compliance is rapidly become a model standard for organizations wishing to demonstrate security diligence in a global market.

Read More

andrew.plato

June 12, 2017

The Road to SOC2

SOC2 compliance is a must-have for SaaS companies. Anitian's VisionPath compliance team looks at your road to SOC2 compliance.

Read More