Security-related vocabulary includes a lot of words with imprecise meanings. Two such terms that give me a headache when used in the web application security context are the verbs to secure and to protect. But this headache is nothing compared to the one I get when I see that businesses actually believe that tools alone can secure/protect their … Continue reading You are the only one who can secure and protect your web applications
The term continuous security in the context of web application security is best understood when paired with the well-known terms continuous integration and continuous deployment (CI/CD). Continuous security means that security is part of a continuous process – DevSecOps or, even better, SecDevOps. The confusion around the word continuous: what makes the term continuous security slightly confusing is the fact that the word continuous can have several meanings … Continue reading What is continuous web application security?
(Ghostwritten for Ivan Galea) The more we move to the cloud, the more we are getting used to the fact that the cloud providers relieve us of many responsibilities. Such an approach has its pros and cons. A cloud provider is certainly able and willing to provide many services that would otherwise consume your IT … Continue reading 5 reasons why you should not rely on SaaS provider backup solutions
(Ghostwritten for Steven Paton) In 1950, one of Britain’s most famous mathematicians, Alan M. Turing, proposed a test that could be used to evaluate artificial intelligence. In this test, a human judge observes a simple text conversation between two parties, knowing that one is a human and the other one is a machine but not … Continue reading The CX-Virtual Agent – Am I Really Not Talking to a Human?
(Ghostwritten for Jack Mizzi) On October 4, 2021, the social media giant Facebook, along with its services Instagram and WhatsApp, experienced a major outage that lasted several hours, sending both social media enthusiasts and, more importantly, businesses relying on social media into a state of panic. “Was it a malicious hacker attack? Is Facebook down for good?” … Continue reading Understanding the Facebook Blackout
Small and medium businesses have it hard when it comes to cybersecurity posture. The cybersecurity gap hits them the hardest because most security experts would rather choose different work environments. Young information security enthusiasts are in high demand. However, instead of SMBs, they usually prefer to work for specialized security businesses and focus for example on manual penetration … Continue reading Debunking 5 cybersecurity posture myths
(Ghostwritten for Dale Schembri) Some businesses leave their data completely unprotected and never lose it. Some people run across eight lanes of the Marsa bypass in the rush hour and reach the other side unharmed. In both cases, it’s a matter of calculating whether the cost of acting safely is worth it when compared to … Continue reading How safe is your data?
The 2021 edition of the OWASP Top 10 is finally out*! Let’s have a look at what OWASP introduced/changed in their industry-standard checklist for web application security and let’s compare it with our predictions from last year for the OWASP Top 10 2021. Last but not least – let’s analyze what the changes in OWASP Top 10 mean … Continue reading OWASP Top 10 2021 – what’s new, what’s changed
Shifting left is now a popular trend in information security. Does that mean that you should hop on the bandwagon and tear your hair out just to shift your security left? No, it does not. Actually, in most cases, if you blindly jump on this bandwagon, you could be shooting yourself in the foot. Here’s why. … Continue reading Should you shift left or not?
HTTP header injection is a web application vulnerability in which the attacker tricks the web application into inserting extra HTTP headers into legitimate HTTP responses, typically by placing a carriage return and line feed (CR/LF) into user input that the application copies unvalidated into a header value. HTTP header injection is a technique that can be used to facilitate malicious attacks such as cross-site scripting, web cache poisoning, and more. These, in turn, may … Continue reading What is HTTP header injection
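As an added illustration of the mechanism described above (this is example code written for this page, not code from the linked post or from any framework), the following shows a redirect handler that copies a user-supplied target straight into a Location header, beside a hardened version that refuses CR/LF. The application, header names and the attacker input are assumptions; a real framework would already have URL-decoded `%0d%0a` into `\r\n` before the value reached this code.

```python
"""Added example: how CR/LF in unsanitised input becomes HTTP header injection.

Illustrative code written for this page; not taken from any framework.
The redirect handler, header names and attacker input are assumptions.
"""

CRLF = "\r\n"


def build_redirect_vulnerable(target: str) -> bytes:
    """Build a 302 response whose Location header is taken verbatim from input.

    Vulnerable on purpose: a CR/LF pair inside `target` terminates the
    Location line, and whatever follows is emitted as further headers
    (or, after a blank line, as the response body).
    """
    lines = [
        "HTTP/1.1 302 Found",
        f"Location: {target}",
        "Content-Length: 0",
    ]
    return (CRLF.join(lines) + CRLF + CRLF).encode("latin-1")


def build_redirect_hardened(target: str) -> bytes:
    """Same response, but refuse any header value containing CR or LF.

    Rejecting (rather than silently stripping) keeps the failure visible
    in logs; stripping would also work but hides the attempt.
    """
    if "\r" in target or "\n" in target:
        raise ValueError("CR/LF not allowed in header value")
    lines = [
        "HTTP/1.1 302 Found",
        f"Location: {target}",
        "Content-Length: 0",
    ]
    return (CRLF.join(lines) + CRLF + CRLF).encode("latin-1")


def parse_headers(raw: bytes) -> dict:
    """Parse a raw HTTP response the way a naive client or cache would:
    header block ends at the first blank line, one header per CRLF line."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status, *header_lines = head.decode("latin-1").split(CRLF)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"status": status, "headers": headers, "body": body}


# Constructed attacker input (assumption): a legitimate-looking path
# followed by CRLF and an extra header the attacker wants the client to see.
ATTACK_INPUT = "/home\r\nSet-Cookie: session=attacker-controlled"


def demo() -> dict:
    """Run both builders against the attack input. Returns the parsed
    vulnerable response and whether the hardened builder rejected the input."""
    vulnerable = parse_headers(build_redirect_vulnerable(ATTACK_INPUT))
    try:
        build_redirect_hardened(ATTACK_INPUT)
        rejected = False
    except ValueError:
        rejected = True
    return {"vulnerable": vulnerable, "hardened_rejected": rejected}


if __name__ == "__main__":
    result = demo()
    print(result["vulnerable"]["headers"])
    print("hardened rejected input:", result["hardened_rejected"])
```

Running `demo()` shows the vulnerable response carrying a `Set-Cookie` header the application never meant to send, while the hardened builder raises before any bytes leave the server. The same split-on-CRLF behaviour is what lets an attacker append a second blank line and a body, which is the route to cross-site scripting and web cache poisoning mentioned above.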