Monthly Archives: June 2012

Filling the Gap in Identity and Access Governance

Identity and Access Management: Filling the Gap in Identity and Access Governance

Traditional identity solutions focus on access to applications, but that misses as much as 80 percent of corporate data.

We’ve entered the age of access governance. Organizations need to know who has access to what data and how they were granted that access. Identity and Access Governance (IAG) solutions address these issues while managing enterprise access. They provide visibility into access, policy and role management, and risk assessment—and they facilitate periodic entitlement reviews of access across numerous systems. Most enterprise IAG solutions are missing a key piece to the puzzle, though: unstructured data.

[Read the full article in TechNet Magazine]

Jonathan Cran, Fiddler2 – Episode 293 – June 21, 2012

Jonathan Cran is the CTO of Pwnie Express. Previously, he built and ran the quality assurance program for Metasploit, where he focused on automated testing, bug smashing and release engineering. He blogs at Pentestify.com.

How do you intercept HTTP or HTTPS traffic from an application other than a browser? We have seen this on a number of different penetration tests in the past few months and thought we should talk a bit about one of our favorite tools for the task, fiddler.