A Single Partner for Everything You Need Optiv works with more than 450 world-class security technology partners. By putting you at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can.
We Are Optiv Greatness is every team working toward a common goal. Winning in spite of cyber threats and overcoming challenges in spite of them. It’s building for a future that only you can create or simply coming home in time for dinner. However you define greatness, Optiv is in your corner. We manage cyber risk so you can secure your full potential.
Is Your Application Sending Email as Securely as Possible? Breadcrumb Home Insights Source Zero Is Your Application Sending Email as Securely as Possible? May 27, 2021 Many web applications use email as a mechanism for user verification, password resets, real time notifications and much more. But security testers and threat modelers will warn application designers to minimize this use, as the confidentiality of SMTP email is not guaranteed. Of course, business needs often override these warnings and applications will in fact send and sometimes receive sensitive data through email. How can application testers verify that this is being done in the most secure way possible? Most of the application testing tools and training are oriented toward the web front end of applications. Not many tools are available to directly test the security of a back-end email server. While SMTP dates from 1982, Internet email has had many enhancements and upgrades since then. From the addition of TLS encryption in SMTP itself around 1999 a long series of add-on specifications have been put forward. Each deals with a specific aspect of email delivery. Some of these include Sender Policy Framework (SPF), Domain Keys Identified Mail (DKIM), Domain-based Message Authentication, Reporting and Conformance (DMARC), MTA Strict Transport Security (MTA-STS), SMTP TLS Reporting (TLS-RPT) and several more. These standards allow an email server to mitigate many types of threats. Most of these standards are very familiar to commercial email vendors and IT professionals but may have escaped notice by application testers and penetration testers. This presentation will explain how these standards fit into the application security world, and what threats to the application they mitigate. It will be shown how application security testers can verify these standards are configured and being used properly in a given application environment. Some free web-based tools and techniques will be demonstrated for testing some of these, as well as more robust testing methods using Burp Collaborator and other tools. Share:
Would you like to speak to an advisor? How can we help you today? Image E-Book Cybersecurity Field Guide #13: A Practical Approach to Securing Your Cloud Transformation Download Now Image Events Register for an Upcoming OptivCon Learn More Ready to speak to an Optiv expert to discuss your security needs?