The Fall 2021 Invicti AppSec Indicator has made us aware of an incredibly high percentage of development teams that have admitted to skipping security steps. There is a 70% chance that this happens in your business, leaving your web applications exposed to malicious hacker attacks. Here are potential reasons that you should explore as a business leader, along … Continue reading 7 reasons why development teams skip security steps
On December 10, 2021, a serious vulnerability was discovered in the Apache Log4j framework, which is commonly used by most Java installations. The vulnerability, dubbed Log4Shell or LogJam, was identified in the NVD as CVE-2021-44228 and, to quote one of Acunetix original creators and primary security experts, Bogdan Calin, “it’s the biggest vulnerability we have ever seen, which … Continue reading Critical alert – Log4Shell (CVE-2021-44228 in Log4j) – possibly the biggest impact vulnerability ever
Businesses like yours have different reasons to move to the cloud. Some do it primarily to save on hardware. Others go further and outsource services to reduce the need for their own resources. Those who want to outsource administration and related services often believe that this outsourcing also includes cybersecurity. But does it? The big … Continue reading The false sense of security in the cloud
All security vulnerabilities are the result of human error. Most web application vulnerabilities and API security issues are introduced by developers. Therefore, the best approach to building secure applications is to do all that is possible to avoid introducing such errors in the first place instead of fixing them. You can find several detailed guides on how … Continue reading Secure coding practices – the three key principles
Recently, I came across an article that referred to web application security as code security and I hope it was just a slip of the tongue. If you really think web application security is the same as code security, you are leaving a gaping hole in your security practices – and this hole has been … Continue reading Code security is not enough!
You protect your every office computer with an antivirus. You install firewalls to prevent unwanted access to your network. But what do you do to secure your website? And what can happen if it’s not secured? This article is aimed at website owners that are not experts in website security or web application security – … Continue reading What is website security – how to protect your website from hacking
Security-related vocabulary includes a lot of words with imprecise meanings. Two such terms that give me a headache when used in the web application security context are the verbs to secure and to protect. But this headache is nothing compared to the one I get when I see that businesses actually believe that tools alone can secure/protect their … Continue reading You are the only one who can secure and protect your web applications
The term continuous security in the context of web application security is best understood when paired with well-known terms continuous integration and continuous deployment (CI/CD). Continuous security means that security is part of a continuous process – DevSecOps or, even better, SecDevOps. The confusion around the word continuous What makes the term continuous security slightly confusing is the fact that the word continuous can have several meanings … Continue reading What is continuous web application security?
Small and medium businesses have it hard when it comes to cybersecurity posture. The cybersecurity gap hits them the hardest because most security experts would rather choose different work environments. Young information security enthusiasts are in high demand. However, instead of SMBs, they usually prefer to work for specialized security businesses and focus for example on manual penetration … Continue reading Debunking 5 cybersecurity posture myths
The 2021 edition of the OWASP Top 10 is finally out*! Let’s have a look at what OWASP introduced/changed in their industry-standard checklist for web application security and let’s compare it with our predictions from last year for the OWASP Top 10 2021. Last but not least – let’s analyze what the changes in OWASP Top 10 mean … Continue reading OWASP Top 10 2021 – what’s new, what’s changed