Recent Tweets
News / Advisories
21 May 2016

Alpharetta dentist's office hit by virus

VerSprite's Tony Uceda Velez advises on ransomware virus affecting Alpharetta dentist's office.

Alpharetta dentist's office hit by virus
20 Feb 2016

Someone Seriously Dropped the Ball During the San Bernardino Shooting Investigation

VerSprite's Tony Uceda Velez quoted regarding iPhone unlocking case for the San Bernardino Shooting investigation. See the complete article below

Someone Seriously Dropped the Ball During the San Bernardino Shooting Investigation
16 Nov 2015

Emory students say they were targeted by scam calls

VerSprite's Tony Uceda Velez quoted in Atlanta area news investigation regarding social media scamming reported by Emory students. See the article below.

Emory students say they were targeted by scam calls
22 Sep 2015

Western Digital My Cloud Devices Can Be Hacked by Local or Remote Attackers

Security researchers at VerSprite have tested and discovered a few vulnerabilities in Western Digital's My Cloud NAS (Network Attached Storage) hard drive, marketed by the company as your own personal cloud server.

Watch WD My Cloud Command Injection video
Watch WD My Cloud Remote Root with WebRTC video

See the article below.

Western Digital My Cloud Devices Can Be Hacked by Local or Remote Attackers
13 May 2015

FBI investigating after pornographic image appears on billboard

VerSprite's Tony Uceda Velez quoted in Atlanta area news investigation regarding billboard hacking. See the article below.

FBI investigating after pornographic image appears on billboard
13 May 2015

Flaws in alternative Android browsers pose underestimated risk

VerSprite research led by Benjamin Watson on 10 alternative Android browsers has found at least one major security vulnerability in all of them, posing a significant security risk for enterprise Android users.

Watch the exploit video

See the complete article

Flaws in alternative Android browsers pose underestimated risk
16 Sep 2014

Programmers unknowingly inherit development framework security issues

Developers increasingly rely on a variety of open source components, but a VerSprite researcher warns that security issues accompany many popular frameworks. See the complete article below.

Programmers unknowingly inherit development framework security issues
15 Dec 2013

Credit Union News - Use of Hybrid Assessments for Cost-Effective Security Analysis

This webcast overviews our Hybrid Risk Assessment Methodology (HRAM). We discuss how HRAM is more effective and efficient than other current assessments, the cost-savings, HRAM's benefits in today's changing threat landscape, and how HRAM produces a more unified picture of your organization's risks, making them easier to address and over come.

Listen to Webcast
15 Dec 2013

TechTarget - Reframing Compliance with a Threat Model

In this feature, VerSprite discusses using a threat model to integrate compliance regulations into daily business activities, ensuring that requirements are met in a functional way that benefits the business' overall security.

Reframing Compliance with a Threat Model
15 Dec 2013

TechTarget - How to Use Compliance Automation to Reduce Compliance Risk

VerSprite outlines how to reduce compliance risk by using automation tools to help increase compliance assessments' reliability and value.

How to Use Compliance Automation to Reduce Compliance Risk
15 Dec 2013

TechTarget - Managing Big Data Privacy Concerns - Tactics for Proactive Enterprises

As big data becomes more popular, companies must know how to react. VerSprite outline the benefits of using big data, some privacy concerns associated with big data, and best practices to ensure big data is not used inappropriately.

Managing Big Data Privacy Concerns: Tactics for Proactive Enterprises
15 Dec 2013

OWASP PodCast Series - Threat Modeling

Jim Manico from the OWASP Foundation interviews Tony UcedaVelez on the aspects of threat modeling as well as other rapid fire topics around application security.

Listen to PodCast
15 Jun 2013

TechTarget - Closing the gap between IT Security Risk Management and Business Risk

Tony Uceda Velez discusses the importance of translating IT security risk into business risk, and how to do so in a way that emphasizes the potential cost to the business.

Closing the gap between IT security risk management and business risk
10 Jun 2013

TechTarget - An Introduction to Web Application Threat Modeling

VerSprite briefly introduces web application threat modeling in this video, giving a summary of how threat modeling works and the business benefits to having a working threat model.

15 May 2013

TechTarget - FedRAMP Basics - Taking the Mystery Out of Cloud Security Assessment

While FedRAMP helps organizations understand what to secure within the cloud, it does not completely take care of security. VerSprite discusses the pros and cons on FedRAMP in this video.

15 Nov 2011

BSides ATL - Making Your Own Web Security P.A.S.T.A

This 2011 BSides presentation introduces the P.A.S.T.A Threat Modeling methodology that is a risk or asset centric way to perform threat modeling on application environments. The purpose of the web cast is to introduce what steps, resources, and testing support this new methodology aimed at delivering a collaborative approach that leverages elements of risk assessments, business impact assessments, pen tests, vulnerability scans, social engineering, incident management and more.

15 Oct 2010

BSides ATL - Applying Threat Modeling Beyond the Hype

This talk is about reviewing the vulnerabilities discovered for Java Web Application Frameworks, the impact they present, and why stack traces should never be considered a low risk. It will serve as an introduction to the vulnerability classes, how to identify and test for them in web application security assessments and penetration tests.