Ethical hacking vs. the law – will you get arrested for a good deed?

Ethical hacking can be a slippery business, especially when companies don’t clearly specify it in their terms of use and local laws don’t make the distinction between ethical and malicious hacking. A recent case in Malta has reignited the discussion about finally introducing legislation that would protect ethical hackers from criminal action for responsibly reporting …

So your developers don’t care about security? They shouldn’t have to

When Mark Curphey recently blogged that developers cannot and will not care about security even though “AppSec people have been complaining for years that security should be a priority for all developers,” we (as the AppSec people) had to react – and found that we agree with him on nearly all counts. Say your company …

5 reasons why a bug bounty program is not enough

Setting up a bug bounty program is a popular way to test and improve your web application security with the help of ethical hackers from across the world. Understanding what bounty programs can and (more importantly) cannot do for your organization is crucial for getting the most out of them and ensuring you’re spending your …

The false sense of security in the cloud

When moving their applications to the cloud, many organizations assume that cloud services will also cover all cybersecurity, including web security. In reality, whatever cloud service level you go with, web application security is something you always need to cover on your own. Businesses have various reasons to move to the cloud. Some do it …

5 reasons why web security is as important as endpoint security

Protecting your company laptops and other endpoints from malware is a fundamental and common-sense practice. Keeping your websites and applications safe from constant cyberattack attempts should be equally obvious – yet many organizations still don’t pay nearly enough attention to their web application security. Here are five reasons to redress that balance. Would you say …

7 reasons why development teams skip security steps

Studies confirm that bypassing security during application development is the rule rather than the exception – but why? Learn to recognize common signs that your organization isn’t doing everything it should to support secure software development. Back in 2021, the Invicti Fall AppSec Indicator revealed that a full 70% of development teams skip security steps. To …

5 major benefits of early security testing

Vulnerabilities that are discovered just before a release can derail the entire development schedule or even force companies to compromise on security to deliver on time. Using automated application security testing from the earliest possible stages of your SDLC reduces that risk, bringing major benefits for the entire organization. It’s no secret that early application …

7 steps to avoid uncoordinated vulnerability disclosure

Do you know what to do if contacted by an ethical hacker about a vulnerability in your systems? Above all, don’t panic – here are 7 steps to help you communicate properly, resolve the issue, avoid uncoordinated disclosure, and improve your security in the long run. Imagine you are the cybersecurity manager for a company …

5 reasons why web security is crucial to avoid ransomware

Web vulnerabilities are a key part of many ransomware attack chains, even those that start from a phishing email. This post puts together five reasons why eliminating web vulnerabilities is vital to prevent ransomware attacks. Ransomware has been a source of major problems for organizations worldwide in recent years. Aware of this situation, many have …

Which open-source vulnerability scanner is right for you?

Are you considering using an open-source vulnerability scanner to secure your web applications? In some cases, this is an excellent idea, but in other circumstances, it may reduce your initial costs only to greatly increase them later. Let us guide you and show you the factors you should consider as well as some of the …