11 penetration testing tools the pros use
Formerly known as BackTrack Linux and maintained by the good folks at
Offensive Security (OffSec, the same folks who run the OSCP certification),
Kali is optimized in every way for offensive use as a penetration tester.
While you can run Kali on its own hardware, it's far more common to see
pentesters using Kali virtual machines on OS X or Windows. Kali ships with
most of the tools mentioned here and is the default pentesting operating
system for most use cases. Be warned, though--Kali is optimized for offense,
not defense, and is easily exploited in turn. Don't keep your super-duper
extra secret files in your Kali VM. ... Why exploit when you can meta-sploit?
This appropriately named meta-software is like a crossbow: Aim at your target,
pick your exploit, select a payload, and fire. Indispensable for most
pentesters, metasploit automates vast amounts of previously tedious effort and
is truly "the world's most used penetration testing framework," as its website
trumpets. An open-source project with commercial support from Rapid7,
Metasploit is a must-have for defenders to secure their systems from
attackers.
The Role of Business Analysts in Agile
A few things that we as BA Managers need to be aware of include: Understanding of the role - because of a BA’s ability to be a flexible, helpful and an overall "fill-in-the-gaps" person, the role of the BA gets blurrier and blurrier. This is what makes it interesting and also so great when it comes to working within an agile team. Ultimately it also makes it complicated to explain to others, especially those unfamiliar with the role. If it is complicated to explain, it is easy for people to underestimate the value it brings so make sure you are clear in your "pitch" of what your BAs do! Being pigeonholed into the role - if you are a great BA, nobody wants to lose you so they will continue giving you BA work even if you want to go into something else like project management. It is key for those managing BAs to actively support their career aspirations even if they are outside of the discipline, and to lobby on their behalf. Hitting an analysis complexity "ceiling" - if you are constantly with your team and helping them solve delivery problems, it is very hard to dedicate focused analysis time on upcoming large initiatives.Cisco bug warning: Critical static password flaw in network appliances needs patching
The flaws reside in the Cisco Discovery Protocol, a Layer 2 or data link layer
protocol in the Open Systems Interconnection (OSI) networking model. "An
attacker could exploit these vulnerabilities by sending a malicious Cisco
Discovery Protocol packet to the targeted IP camera," explains Cisco in the
advisory for the flaws CVE-2020-3506 and CVE-2020-3507. "A successful
exploit could allow the attacker to execute code on the affected IP camera or
cause it to reload unexpectedly, resulting in a denial-of-service (DoS)
condition." The Cisco cameras are vulnerable if they are running a firmware
version earlier than 1.0.9-4 and have the Cisco Discovery Protocol enabled.
Again, customers need to apply Cisco's update to protect the model because
there's no workaround. This bug was reported to Cisco by Qian Chen of
Qihoo 360 Nirvan Team. However, Cisco notes it is not aware of any malicious
activity using this vulnerability. The second high-severity advisory
concerns a privilege-escalation flaw affecting the Cisco Smart Software
Manager On-Prem or SSM On-Prem. It's tracked as CVE-2020-3443 and has a
severity score of 8.8 out of 10.
Fuzzing Services Help Push Technology into DevOps Pipeline
"Fuzzing by its very nature is this idea of automated continuous testing," he
says. "There is not a lot of human input that is necessary to gain the
benefits of fuzz testing in your environment. It's a good fit from the idea of
automation and continuous testing, along with this idea of continuous
development." Many companies are aiming to create agile software development
processes, such as DevOps. Because this change often takes many iterative
cycles, advanced testing methods are not usually given high priority. Fuzz
testing, the automated process of submitting randomized or crafted inputs into
the application, is one of these more complex techniques. Even within the
pantheon of security technologies, fuzzing is often among the last adopted.
Yet, 2020 may be the year that changes. Major providers and even frameworks
have focused on making fuzzing easier, says David Haynes, a product security
engineer at Cloudflare. "I think we are just getting started in terms of
seeing fuzzing becoming a bit more mainstream, because the biggest factor
hindering (its adoption) was available tooling," he says. "People accept that
integration testing is needed, unit testing is needed, end-to-end testing is
needed, and now, that fuzz testing is needed."
Why We Need Lens as a Kubernetes IDE
The current version of Lens vastly improves quality of life for developers and
operators managing multiple clusters. It installs on Linux, Mac or Windows
desktops, and lets you switch from cluster to cluster with a single click,
providing metrics, organizing and exposing the state of everything running in
the cluster, and letting you edit and apply changes quickly and with
assurance. Lens can hide all the ephemeral complexity of setting up cluster
access. It lets you add clusters manually by browsing to their kubeconfigs,
and can automatically discover kubeconfig files on your local machine. You can
manage local or remote clusters of virtually any flavor, on any infrastructure
or cloud. You can also organize clusters into workgroups any way you like and
interact with these subsets. This capability is great for DevOps and SREs
managing dozens or hundreds of clusters or just helping to manage cluster
sprawl. Lens installs whatever version of kubectl is required to manage each
cluster, eliminating the need to manage multiple versions directly. It works
entirely within the constraints each cluster’s role-based access control
(RBAC) imposes on identity, so Lens users (and teams of users) can see and
interact only with permitted resources.
Computer scientists create benchmarks to advance quantum computer performance
The computer scientists created a family of benchmark quantum circuits with
known optimal depths or sizes. In computer design, the smaller the circuit
depth, the faster a computation can be completed. Smaller circuits also imply
more computation can be packed into the existing quantum computer. Quantum
computer designers could use these benchmarks to improve design tools that
could then find the best circuit design. “We believe in the ‘measure, then
improve’ methodology,” said lead researcher Jason Cong, a Distinguished
Chancellor’s Professor of Computer Science at UCLA Samueli School of
Engineering. “Now that we have revealed the large optimality gap, we are on
the way to develop better quantum compilation tools, and we hope the entire
quantum research community will as well.” Cong and graduate student Daniel
(Bochen) Tan tested their benchmarks in four of the most used quantum
compilation tools. Tan and Cong have made the benchmarks, named QUEKO, open
source and available on the software repository GitHub.
Starting strong when building your microservices team
We’re used to hearing the slogan ‘Go big or go home’, but businesses would do
well to think small when developing microservices. Here, developing manageable
and reusable components will enable companies, partners and customers to use
individual microservices across an entire landscape of applications and
industries. In doing so, businesses aren’t restricting themselves to siloed
applications. In addition, driving success with microservices involves
considerable planning to ensure that nothing is left out. After all,
microservices-based architecture consists of many moving parts and so
developers should be mindful to guarantee service interactions are seamless
from start to finish. The pandemic has shone a spotlight on the role of
digital transformation in building up crisis resilience. Consequently,
businesses are turning en masse to digital and the market is evolving apace.
However, as operational and business models shift, companies must be mindful
to avoid becoming locked-in to cloud vendor technologies and platforms in such
a rapidly changing market. When working with a cloud partner, implementing
their platform and other solutions shouldn’t be a given – while such tools
will likely work fine in their own cloud environment, companies should be wary
of how they will operate elsewhere.
From Legacy to Intelligent ERP: A Blueprint for Digital Transformation
Today’s ERP configuration is for running today’s business. Most run in the
data center and capture, manage, and report on all core business transactions.
Tomorrow’s intelligent ERP goes far beyond this charter. If you want to be
part of the team transforming the business, then you should understand the
vision of where the company is targeting growth over the next several years.
What markets, products, and services are the priorities? What operations need
to scale? What improvements in workflows can free up cash or make financial
forecasting more reliable? How can you empower employees, teams, and
departments to work efficiently, safely, and effectively as some people return
to the office and others work remotely? Intelligent ERPs not only centralize
operational workflows and data from sales, marketing, finance, and operations.
These RPS also extend data capture, workflow, and analytics around prospects
and customers and their experiences interacting with the business. When fully
implemented, they enable a full 360-degree view of the customer across all
areas of the company that interface with them from marketing to sales, through
digital commerce, and from any customer support activities.
Researchers improve perception of robots with new hearing capabilities
Working out of the Robotics Institute at Carnegie Mellon University, Pinto, as
well as fellow researchers Dhiraj Gandhi and Abhinav Gupta, presented their
findings during the virtual Robotics: Science and Systems conference last
month. The three started the project last June, according to a release from
the university. "We present three key contributions in this paper: (a) we
create the largest sound-action-vision robotics dataset; (b) we demonstrate
that we can perform fine grained object recognition using only sound; and (c)
we show that sound is indicative of action, both for post-interaction
prediction, and pre-interaction forward modeling," they write in the study.
"In some domains like forward model learning, we show that sound in fact
provides more information than can be obtained from visual information alone."
In the published study, the three researchers said sounds did help a robot
differentiate between objects and predict the physical properties of new
objects. They also found that hearing helped robots determine what type of
action caused a particular sound. Robots using sound capabilities were able to
successfully classify objects 76% of the time, according to Pinto and the
study.
Running Axon Server in Docker and Kubernetes
“Breaking down the monolith” is the new motto, as we finally get driven home
the message that gluttony is also a sin in application land. If we want to be
able to change in step with our market, we need to increase our deployment
speed, and just tacking on small incremental changes has proven to be a losing
game. No, we need to reduce interdependencies, which ultimately also means we
need to accept that too much intelligence in the interconnection layer worsens
the problem rather than solving it, as it sprinkles business logic all over
the architecture and keeps creating new dependencies. Martin Fowler phrased it
as “Smart endpoints and dumb pipes”, and as we do this, we increase
application components’ autonomy and you’ll notice the individual pieces can
finally start to shrink. Microservices architecture is a consequence of an
increasing drive towards business agility, and woe to those who try to reverse
that relationship. Imposing Netflix’s architecture on your organization to
kick-start a drive for Agile development can easily destroy your business.
Quote for the day:
"Leadership is like beauty; it's hard to define, but you know it when you see it." -- Warren Bennis
