Who We Are
Our security is a leading provider of online cyber security training and consultancy services.
We offer comprehensive online cyber security training for security professionals and aspiring security professionals. Through our VIP membership, you get unlimited access to all the training material you need to become a highly paid cyber security professional! Grow your skills and advance your career with Station. Try the Station Cyber Security School yourself.
We specialise in utilising cutting-edge technology, extensive knowledge and experience, to help clients identify vulnerabilities and reduce business risk from cyber security attacks.
What We Do for You
Through careful analysis and industry-leading solutions, we help you avoid security breaches and service interruptions that cost you money and erode the trust of your customers.
If you have been attacked, we help minimise damage and resume normal business operations quickly. We also provide top-of-the-line employee training to reduce human error from your cyber threat profile.
All of our solutions are practical, budget-friendly and can be customised to fit your particular needs.
There’s an obvious but important rule in cybersecurity: the quicker you find out about a weak spot, the stronger the chances of being able to fix it before it causes any damage. It follows that if someone else notices an issue before you do, you should make it as straightforward as possible for them to tell you about it.
It’s best practice to have a set procedure for this (aka a vulnerability disclosure policy). If you don’t have one yet, the UK’s main cybersecurity agency has just launched a toolkit to help you quickly build your own.
Here’s the lowdown on vulnerability disclosure policies; who needs one and why - along with a closer look at the new toolkit.
What is a vulnerability disclosure policy?
A vulnerability disclosure policy provides a clear channel for people to report problems. Think of it as a kind of neighborhood watch scheme for your internet assets.
It might be a tech expert who’s been looking over your code and who wants to tell you about a backdoor vulnerability. Or it could be a customer who’s just noticed that the tracking feature on your new fitness app reveals the home postcodes of nearby users (something you almost certainly didn’t intend to happen!).
Do we need a vulnerability disclosure policy?
If your organization connects with outsiders via internet channels, computer software or hardware that you control, it’s usually advisable to have a policy in place.
Examples of assets that should be covered by such a policy include your website, your company app and connected equipment (e.g. smart meters).
You may also want to establish a separate policy to cover the technology your staff use internally. This is especially relevant now that so many of us work remotely. As an example, let’s say a company has created its own web hub for communications and for accessing work systems. You need a set procedure for users to notify you of any issues with it - no matter where they happen to be based.
What are the benefits of a policy?
It shows that you take security seriously. Your reputation is all-important. With a clear vulnerability disclosure policy in place, you are showing the world that you are alive to the cybersecurity and privacy risks that are out there - and you are proactive in addressing them. In short, you’re a safe pair of hands for doing business with.
Testing only takes you so far. Your new app has just launched. The code has been checked and rechecked; the beta testing went well and you’re confident that all issues have been fixed. But even with all the right safeguards in place, bugs can still slip through the net. Some vulnerabilities may only be detectable further down the line. Your vulnerability disclosure procedure becomes part of your ongoing strategy for safeguarding your assets.
Putting white hat hackers to work. There are lots of experts out there who love to pick out organizations, delve into their infrastructure and test their virtual fences to find the security gaps. A vulnerability disclosure policy gives you a framework for building a positive relationship with this white hat hacker community. It provides a formalized channel for these individuals to reach out to you.
Staying ahead of the law. At the minute, vulnerability disclosure falls under the category of best practice. In other words, it’s something that responsible companies are encouraged to do - rather than being forced into it. But this is changing, and in the next few years, we’re likely to see a global trend in favour of mandatory disclosure policies. In the UK for instance, a law is being drawn up that will force all manufacturers of consumer smart gadgets to have vulnerability disclosure programs in place. Meanwhile, the US Cybersecurity and Infrastructure Security Agency (CISA) has just made it mandatory for all US government agencies to instigate disclosure policies. Acting now pre-empts being forced to act later on.
What should a policy contain?
In 2017, the US Department of Justice published a framework for organizations looking to implement vulnerability disclosure policies. These guidelines have become the global standard for companies, and you can read them here.
There are five basic components:
What is the new toolkit?
The UK’s National Cyber Security Centre (NCSC) has released a guideline for companies to set up their own policy.
This includes a policy template that you can adapt. It also includes a Security.txt code extract that allows you to integrate a secure web form into your website. This ensures that the person reporting a problem can contact you easily and securely. It also provides a clear link to your actual policy.
You can access the toolkit here.
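As an added illustration (not taken from the NCSC toolkit or this site), the sketch below checks a security.txt file for the things a reporter depends on: a usable contact, an unexpired `Expires` date and a link to the policy. Field names follow RFC 9116; the `example.com` addresses and the function names are assumptions made for the example.

```python
from datetime import datetime, timezone

REQUIRED = ("contact", "expires")  # the two mandatory fields in RFC 9116

def parse_security_txt(text):
    """Return {field: [values]} from security.txt text, skipping comments."""
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        name, value = line.split(":", 1)
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields

def check_security_txt(text, now=None):
    """Return a list of problems that would stop a report reaching you."""
    now = now or datetime.now(timezone.utc)
    fields = parse_security_txt(text)
    problems = [f"missing required field: {f}" for f in REQUIRED if f not in fields]
    for uri in fields.get("contact", []):
        if not uri.startswith(("https://", "mailto:", "tel:")):
            problems.append(f"contact is not an https/mailto/tel URI: {uri}")
    expires = fields.get("expires", [])
    if len(expires) > 1:
        problems.append("expires must appear only once")
    for value in expires[:1]:
        try:
            when = datetime.fromisoformat(value.replace("Z", "+00:00"))
        except ValueError:
            problems.append(f"expires is not an ISO 8601 timestamp: {value}")
            continue
        if when.tzinfo is None:
            problems.append("expires lacks a timezone")
        elif when <= now:
            problems.append("expires is in the past; file is stale")
    # Policy is optional in RFC 9116; this example flags its absence because
    # the point of the file here is to lead reporters to the policy.
    if "policy" not in fields:
        problems.append("no policy link to the disclosure policy")
    return problems

# Constructed samples; example.com is a placeholder domain.
GOOD = """# served from /.well-known/security.txt
Contact: https://example.com/report-a-vulnerability
Contact: mailto:security@example.com
Expires: 2030-01-01T00:00:00Z
Policy: https://example.com/vulnerability-disclosure-policy
"""
BAD = "Contact: security@example.com\nExpires: 2020-01-01T00:00:00Z\n"
```

Running the check on a schedule catches the most common failure, a file whose `Expires` date has quietly passed.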
If you are looking to grow your cyber security skills and advance your career, I have a Cyber Security Career Development Platform where you can get VIP membership to over 1,000 classes, virtual labs, practice tests, and exam simulations.
Security breaches and service interruptions cost you money and erode the trust of your customers. Nobody wants to do business with a company they don’t trust.
Station X offers a comprehensive Penetration Testing Service to help you identify security vulnerabilities before they result in potentially devastating breaches.
With this service, we will locate and verify system vulnerabilities, such as operating system, network, application and service flaws, improper configurations, and even risky end-user behaviour.
It will cover the areas vital to your business operation including web application, network, cloud, database, VOIP, infrastructure, application, mobile, wireless, social engineering, SCADA and more.
At the completion of the service, you’ll get a detailed report that will give you a very clear picture of your system’s defence mechanisms, your existing vulnerabilities, and a prioritised list of simple steps to remove those risks.
This valuable information will allow you to shore up your system and:
With our Source Code Review Service, we will carefully review your software and identify security vulnerabilities as well as violations of best practices, security design issues and much more.
This service can be administered on-site, remotely or a combination of both.
First, we’ll gain a thorough understanding of your software design, including its purpose, background, framework and environment.
Then we’ll extensively analyse your software. If vulnerabilities are found, we will evaluate them for business impact, prioritise them and recommend mitigation actions.
Our Source Code Review is able to find vulnerabilities that go unnoticed during traditional application testing because our Source Code Review process is much more exhaustive and goes deeper into the design of the software.
Among other issues, our Source Code Review is great for uncovering injection, XSS, CSRF, authentication, and session management vulnerabilities in bespoke or proprietary code sets. We use the latest methods;
If you are concerned about an attacker exploiting vulnerabilities in your software, which can lead to the costly loss of intellectual property and/or proprietary information, this service can help you identify and remove them before any damage is done.
The last thing you want after a device or system build is to see it fall victim to an attack.
With our Build Reviews Service, we will assess how secure your devices and/or systems are and if they have been configured and deployed not just for maximum security – and maximum performance – but in accordance with your company’s build procedures and security practices.
Our Build Review Service covers:
In each case, we will carefully evaluate your configuration for its effectiveness at resisting attacks and responding to common security threats.
If your company is like most in that you follow a generic build for workstations, servers and other devices, you should know that this approach may cause the same generic security flaws to be passed from station to station or device to device.
At Station X, we will ensure the security of your builds so that you have complete confidence and peace of mind that they comply with regulatory and internal standards.
Information we collect
The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.
If you contact us directly, we may receive additional information about you such as your name, email address, phone number, the contents of the message and/or attachments you may send us, and any other information you may choose to provide.
When you register for an Account, we may ask for your contact information, including items such as name, company name, address, email address, and telephone number.
How we use your information
We use the information we collect in various ways, including to:
Provide, operate, and maintain our website
Improve, personalize, and expand our website
Understand and analyze how you use our website
Develop new products, services, features, and functionality
Communicate with you, either directly or through one of our partners, including for customer service, to provide you with updates and other information relating to the website, and for marketing and promotional purposes
Send you emails
Find and prevent fraud
Selesecurity follows a standard procedure of using log files. These files log visitors when they visit websites. All hosting companies do this as a part of hosting services' analytics. The information collected by log files includes internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable. The purpose of the information is for analyzing trends, administering the site, tracking users' movement on the website, and gathering demographic information.
Cookies and Web Beacons
Like any other website, Selesecurity uses 'cookies'. These cookies are used to store information including visitors' preferences, and the pages on the website that the visitor accessed or visited. The information is used to optimize the users' experience by customizing our web page content based on visitors' browser type and/or other information.