Hiring your first application security engineer can be a challenge. Here are some tips to increase your chances for success.
CARVESYSTEMS.COM
So you’ve decided to hire an application security engineer? Here’s what you need to know. | Carve Systems
Binary exploitation of an IoT device with Carve consultant Danny Rousseau
Owning a device with a single jump | Carve Systems
Do Application Security Unicorns exist?
Application Security Team building strategies
Zoom has had a tough week. While usage has been setting new records, they have had to cope with a slew of security gaffes that have received lots of media attention. Concern over some of these issues is justified. However, Zoom seems to be getting more than its fair share of condemnation from the security researcher community. What is going on?
Don’t get Zoomed! | Carve Systems
DC Rainmaker dives deeper into the Zwift 'hack' which Brad Dixon [Principal Consultant at Carve Systems, LLC] presented at #DefCon last week.
"This past Sunday at Def Con (considered one of the more rambunctious events on the circuit) a presentation was given around Zwift and ‘hacking’ it – titled 'Cheating in eSports: How to Cheat at Virtual Cycling Using USB Hacks.' Now one has to understand that while in the ‘mainstream’ the term ‘hacking’ is usually akin to ‘breaking’, in the computer world, the term ‘hacking’ is often a bit more nebulous. Sometimes used interchangeably with ‘tweaking’ or ‘optimizing’, and sometimes used in the less ideal variant such as ‘credit cards were hacked’. So one has to take any usage of that term with a bit of sanity check to see what’s going on.
In this case, the presentation was given by Brad Dixon (with support from Mike Zusman), security researchers with the consulting firm Carve Systems. This company has historically done penetration testing for other organizations (pen testing is trying to see if you can break into a system), but has switched in recent years to a more holistic security consulting approach where they do pen testing and then assist companies in making the fixes. More or less this is run of the mill security company stuff, nothing too crazy.
In this case though, two of the employees there are also avid cyclists and wanted to see what they could do from a Zwift standpoint security-wise."
#esports #defcon27 #hacks #zwift #cybersecurity
DC Rainmaker
August 14, 2019 at 10:41 AM
No, Zwift Racing Wasn’t Hacked. Yet. Sorta. Let Me Explain // This past weekend a presentation was given at a security conference about hacking Zwift. I dive into what was and wasn't shown, what's already out there, and what the indoor training companies really need to do to address this. Dive in for this wild ride: https://www.dcrainmaker.com/2019/08/no-zwift-racing-wasnt-hacked-yet-sorta-let-me-explain.html