Ethical hacking vs. the law – will you get arrested for a good deed?

Ethical hacking can be a slippery business, especially when companies don’t clearly specify it in their terms of use and local laws don’t make the distinction between ethical and malicious hacking. A recent case in Malta has reignited the discussion about finally introducing legislation that would protect ethical hackers from criminal action for responsibly reporting …

Data Security Guide: What is Data Security, Threats, and Best Practices

(Ghostwritten for Kevin Gallagher) What is data security? Data security is frequently defined as a set of safeguards designed to prevent unauthorized access and theft of digital data. These measures cover everything from the security of various software layers to configurations and underlying policies and procedures. Some of the most common technologies and mechanisms used …

So your developers don’t care about security? They shouldn’t have to

When Mark Curphey recently blogged that developers cannot and will not care about security even though “AppSec people have been complaining for years that security should be a priority for all developers,” we (as the AppSec people) had to react – and found that we agree with him on nearly all counts. Say your company …

Five key benefits of data encryption for security

(Ghostwritten for Zoran Cocoara) There are no perfect data security measures and security solutions. There is no way to prevent a data breach. However, even if your precautionary cybersecurity measures fail, there is a simple way to render the leaked or stolen data virtually useless to cybercriminals – data encryption. How does encryption work? Encrypting …

5 Data Security Tips for Tech Companies Working in a Hybrid Work Environment

(Ghostwritten for Zoran Cocoara) The speed at which change comes to our lives can be overwhelming, affecting organizations even more than individuals. While hybrid or fully remote work models were bound to be “the thing” sooner or later, the 2020 onset of the pandemic poked us all in the back with a hot stick, and …

5 reasons why a bug bounty program is not enough

Setting up a bug bounty program is a popular way to test and improve your web application security with the help of ethical hackers from across the world. Understanding what bounty programs can and (more importantly) cannot do for your organization is crucial for getting the most out of them and ensuring you’re spending your …

The false sense of security in the cloud

When moving their applications to the cloud, many organizations assume that cloud services will also cover all cybersecurity, including web security. In reality, whatever cloud service level you go with, web application security is something you always need to cover on your own. Businesses have various reasons to move to the cloud. Some do it …

5 reasons why web security is as important as endpoint security

Protecting your company laptops and other endpoints from malware is a fundamental and common-sense practice. Keeping your websites and applications safe from constant cyberattack attempts should be equally obvious – yet many organizations still don’t pay nearly enough attention to their web application security. Here are five reasons to redress that balance. Would you say …

Data Loss Prevention Guide: What Is DLP, Risks & Solutions

(Ghostwritten for Roman Foeckl) When in June 2022, an employee of BIPROGY fell asleep on the street of Osaka and lost COVID-19 tax relief data stored on a USB memory stick, many of us laughed, but some shivered in terror. What may seem funny to many was terrifying to owners and managers of sensitive data because …

7 reasons why development teams skip security steps

Studies confirm that bypassing security during application development is the rule rather than the exception – but why? Learn to recognize common signs that your organization isn’t doing everything it should to support secure software development. Back in 2021, the Invicti Fall AppSec Indicator revealed that a full 70% of development teams skip security steps. To …