Sunday, November 27, 2016

2016-047: Inserting Security into the SDLC, finding Privilege Escalation in poorly configured Linux systems


Just a quick episode this week...

As part of the Brakesec Book Club (join us on our #Slack Channel for more information!) we are discussing Dr. Gary McGraw's book "Software Security: Building Security In" (Amazon Link: https://is.gd/QtHQcM)

We talk about the need to inserting security into your company's #SDLC... but what exactly can be done to enable that? I talk about abuse cases, #risk #analysis, creating test cases, pentesting, and #security #operations are all methods to do so.

Finally, I discovered a blog talking about ways to discover configuration errors on Linux systems that might allow #privilege #escalation to occur. Using these tools as part of your hardening processes could lower the risk of a bad actor gaining elevated privileges on your *unix hosts

http://rajhackingarticles.blogspot.com/2016/11/4-ways-to-get-linux-privilege-escalation.html

You can find the github of this script and the audit software that I mentioned below:

 
 
Lynis (from CISOfy: https://cisofy.com/lynis/
 
Direct Link: http://traffic.libsyn.com/brakeingsecurity/2016-047-inserting_security_into_the_SDLC_finding_Linux_priv_esc.mp3
 
iTunes:
 
YouTube:
 

 


Here is a new episode of Brakeing Down Security Podcast!

No comments: