Cheltenham, UK
Jul 19, 2022   |  By Phil Condon
This article provides a breakdown of the most important Terraform security best practices to consider when implementing an Infrastructure as Code (IaC) environment. Terraform is a highly popular IaC tool offering multi-cloud support. IaC means that infrastructure is deployed automatically and configured at scale, which has immediate benefits for efficiency and consistency.
Jun 8, 2022   |  By Adam King
This article provides a synopsis of the Follina exploit and simple steps you can take to mitigate this severe remote code execution vulnerability within Microsoft Support Diagnostic Tool (MSDT). This vulnerability is triggered via common Windows applications such as Microsoft Word and is being actively exploited by known hacking groups.
Jan 20, 2022   |  By Tim
This article is the first in a series that will discuss some of the most common issues with HTTP security headers, which are often relatively easy to implement and can have a significant impact on the overall security posture of your application. We’ve previously talked about the proactive and reactive styles of application development and security testing. In this article, we discuss HTTP headers which are a common misconfiguration.
Nov 24, 2021   |  By Tim
Exchange admins now have another exploit to deal with despite still reeling from a number of high profile attacks this year including ProxyLogon and ProxyShell. A new high severity Remote Code Execution (RCE) exploit for on-premise Exchange Servers has been published and is being actively exploited in the wild.
Nov 10, 2021   |  By Tim
We’ve recently discussed application security and the trend we’re seeing in which companies are increasingly implementing security early on in the Software Development Life Cycle (SDLC). In our blog post exploring the impact of adopting application security, we described a common scenario involving assessing an application that was ready for release. Through the assessment, critical vulnerabilities were identified, such as an SQL injection, close to the go-live deadline.
Oct 27, 2021   |  By Tim
There is a movement in the IT security world that is gaining traction, and it is based around the implementation of security within applications from the beginning. You may have heard buzzwords like “AppSec”, “DevSecOps” and “Shift Left”, but what do they actually mean? What does it take to “Shift Left” when developing a secure application? You can read about dealing with dependencies in our blog post.
Oct 20, 2021   |  By Tim
The adoption of agile practices has resulted in the emergence of shift-left testing, where testing is performed much earlier in the Software Development Life Cycle (SDLC). Traditional waterfall models performed testing to the right of, or following, development. The benefits of testing earlier and more often cannot be underestimated. However, where does this leave security and security testing?
Oct 6, 2021   |  By Tim
It has been a tough few months for Microsoft. After the SolarWinds/NOBELIUM attacks, Microsoft Exchange customers were afflicted with a slew of vulnerabilities. In March 2021, the ProxyLogon vulnerability emerged, followed by an exploit that surfaced in April 2021 called NSA Meeting. In August 2021, Orange Tsai released a series of new vulnerabilities called ProxyOracle and ProxyShell, followed by the discovery of another Proxy flaw, dubbed ProxyToken.
Sep 24, 2021   |  By Tim
The Open Web Application Security Project (OWASP) is a not-for-profit organisation that aims, through community-led open-source projects, to improve the security of web-based software. OWASP develop and manage a public framework that documents the top 10 risks to application security, the OWASP Top 10. It provides developers and security professionals with the industry’s consensus on the most significant risks to web applications and recommends security controls to mitigate them.
Sep 8, 2021   |  By Tim
HTTP/3 is the third and upcoming major version of the Hypertext Transfer Protocol (HTTP) used across the web. HTTP has been the main protocol on the internet since the 1990s, with the second release (HTTP/2) introduced in 2015 as a major update with many new features. Whilst request methods and status codes will remain the same, HTTP/3 makes a departure from its predecessors by not using the Transmission Control Protocol (TCP) as the underlying transport layer.

Sentrium is a CREST-Approved cyber security consultancy, powered by a combination of extensive business and technical expertise that provides you with the services you need to reduce your risk.

We are committed to global cyber security advancement, equipping businesses around the world with the awareness of their technical environment so they can be secure in the ever-changing threat landscape.

Our transparent, consultative approach reaches further into your organisation’s security posture to achieve impactful, valuable results.

  • Application: Protect sensitive information stored in your web and mobile applications by meticulously identifying vulnerabilities and recommending remediations before they can be exploited.
  • Cloud: Alleviate risks to your cloud security controls with rigorous analysis, assessment and recommendations that ensure the security of your cloud environment.
  • Infrastructure: Methodically target your technology’s security controls to uncover weaknesses in your technical environment and secure your network’s infrastructure.

Securing your technology, information and people.