Defence in Depth – Final Part – Update software, Isolate services

Update software and components: Whether it’s a server’s operating system, a web server, a database server or even a client-side JavaScript library, an application should not be running software with known vulnerabilities. Updating, removing or replacing software or components with known vulnerabilities sounds obvious, but it’s a significant problem that thousands of organizations struggle to […]


Defence in Depth – Part 4 – Validate everything, Parameterize SQL queries

Trust no one, validate everything: Unfortunately, most vulnerabilities at the application layer can’t simply be patched by applying an update. In order to fix web application vulnerabilities, software engineers often need to correct mistakes within the application code. It’s therefore ideal for software engineers to understand the security risks associated with user input. At the […]


PWC Global State of Information Security Survey 2016

Price Waterhouse Coopers have just published a report about cybersecurity. Not about the attacks and threats themselves, but about how businesses are tackling the risks. Titled the Global State of Information Security Survey 2016, its key findings relate to measures such as external collaboration and cybersecurity insurance. In summarising some of the main security strategies […]
