Over the years, FINN.no has been doing a lot of different security assessments: from the classical one test per release to regular on-site review and testing by security professionals, and more extensive bi-yearly tests.

Still, last year we discovered that the average lifetime of vulnerabilities found in production was higher than expected. The average lifetime was several years, and the outliers had been in production for a decade! We realized that the way we had done security testing did not keep up with all the changes in FINN.

The “release test” made sense back in the day when we had…


Intro: Black Hat vs DEFCON

Black Hat “Business Hall”

In August I attended the security conferences Black Hat and DEFCON in Las Vegas. The cons are organized back to back, with the Black Hat Briefings on the first two days of the week and then DEFCON from Wednesday till Sunday morning. Even though they are organized by the same core group of people, both conferences have a distinct feeling and culture. Black Hat is the classical well-organized conference with a more corporate culture, while DEFCON is on the other side of the spectrum with attendees really breathing hacker culture. …

Emil Vaagland

code & infosec

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store