Category Archives: General
edgescan InfoSecurity Europe 2019 Security Survey Results
July 2, 2019
The edgescan team recently attended the InfoSecurity Europe 2019 conference in London in June. While there, we took the opportunity to survey the security professionals who came to our stand. The main results are below and the full results of the edgescan Cybersecurity Survey here. For more information Contact edgescan
Read moreblog , general , news , press-release
edgescan Wins at Tech Excellence Awards 2019
May 24, 2019
On Thursday 23rd May, the 19th annual Tech Excellence Awards event was held at Citywest Hotel in Dublin. More than 600 luminaries from the technology sector gathered to celebrate another year of innovation and commercial success at home and abroad. edgescan had been shortlisted for Managed Security Service Provider of the Year along […]
Read moreCVE-2019-0708 Critical Security Advice from edgescan
May 17, 2019
Windows CVE-2019-0708? This blog explains CVE-2019-0708, how to identify if you are vulnerable and highlights how this type of threat was identified in the edgescan 2019 Vulnerability Stats Report. What is it? A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects […]
Read moreblog , general , news , press-release
edgescan is CREST Approved for Penetration Testing
May 8, 2019
BCC Risk Advisory/edgescan is CREST Accredited for Penetration Testing BCC Risk Advisory/edgescan recently applied for accreditation to CREST for our Penetration Testing services. CREST is a not-for-profit accreditation and certification body that represents and supports the technical information security industry. CREST provides internationally recognised accreditation for organisations providing technical security services and professional level certifications […]
Read moreblog , case-study , general , news , press-release
Popular WordPress WAF bypass Zeroday discovered by edgescan
April 9, 2019
WordFence WAF XSS Bypass – CVE-2019-9669 by Anthony Yalcin A Web Application Firewall (WAF) is an application firewall that filters, monitors, and blocks malicious HTTP traffic. By inspecting HTTP traffic, it can prevent attacks related to web application security flaws, such as SQL injection, cross-site scripting (XSS), and security misconfigurations. WAFs may come in the […]
Read moreDon’t forget the fundamentals
April 3, 2019
Firefighting: Looking back at 2018 the evidence supports that many organisations struggle with the fundamentals of maintaining a reasonably secure posture. We’re still seeing large amounts of vulnerabilities which have been common place for over 15 years. Items such as Cross-site scripting, SQL injection and command Injection, all are still relatively common. The question is […]
Read moreedgescan Metrics
February 12, 2019
During February we are releasing a new Vulnerability Metrics tab on the edgescan dashboard. Currently Full Reporting & API access for metrics is available, so that you can report on any asset or vulnerability at any time, open or closed. We also offer the ability to report on assets that are tagged with […]
Read moreedgescan at RSA
February 12, 2019
We’re at RSA San Francisco between March 4th and 8th demonstrating our SaaS based Vulnerability intelligence platform. Our CEO, Eoin Keary, COO, Rahim Jina and some of our senior team shall be in attendance. We shall be demonstrating how edgescan works, discussing our 2019 Vulnerability Stats Report and showing you “why edgescan”! There is a […]
Read moreedgescan achieve ISO 27001:2013 Certification
September 5, 2018
We’re very happy to announce that edgescan is now a certified ISO 27001:2013 Vulnerability Management SaaS. – One of very few Vulnerability Management SaaS organizations globally. Certificate can be found here What does this mean to you? Well, simply we can prove we deliver our Vulnerability management SaaS in accordance with industry best practice. In effect we operate […]
Read moreFalse Positives, False Negatives and Tooling
July 12, 2018
Beware of False prophets: Something we have encountered with our clients when using MSSP’s (Managed Security Service Providers) is in relation to tools and validation. Tools are necessary to discover security weaknesses across the fullstack which is nothing new. Fullstack visibility of security controls is key when operating a robust vulnerability management operation but there […]
Read more