To fully secure your web applications, you need several software solutions, specialist internal resources, and external contractors. However, this means significant costs, and not everyone can afford it all at once. How should small businesses start their web application security journey? Let’s have a look…
Author Archives Tomasz Andrzej Nidecki
THE AUTHOR
Tomasz Andrzej Nidecki
Principal Cybersecurity Writer
Principal Cybersecurity Writer
How scanners find vulnerabilities
DAST vulnerability scanners are not that different from virus scanners. In both cases, the goal of the software is to find something out of the ordinary in the target. A virus scanner scans a computer’s local resources and storage to find potentially malicious software. A…
5 reasons why web security is important to avoid ransomware
Ransomware has been a source of major problems for many organizations in recent years. Many of them, aware of this situation, attempt to concentrate their efforts on protecting themselves against this class of threats. This often means that they shift their budgets away from web…
7 steps to avoid uncoordinated vulnerability disclosure
Imagine the following situation. You work as a cybersecurity manager for a company that owns the website www.example.com. One day, your sales department receives an email from an unknown individual. The sales department forwards it to you. The email has the following content: You example.com/login.php…
Hackers: The third pillar of security
Every business knows that to maintain security, you need the primary pillar: the right employees. Some businesses know that these employees also need the second pillar: the right tools such as Acunetix and Invicti. However, still, not enough businesses know how to deal with hackers…
Red teaming – 5 tips on how to do it safely
Red team vs blue team exercises are a very effective method to evaluate the security posture of your business. However, red teaming, due to its adversarial approach, carries certain risks that must be taken into consideration, both for the red team and the target business….
Threat modeling for web application security
Threat modeling is an activity that helps you identify and mitigate threats. It’s very important because it makes you look at security risks top-down, focus on decision-making and prioritize cybersecurity decisions, and consider how you can use your resources in the best possible way. There…
Penetration testing vs vulnerability scanning
Businesses often perceive vulnerability scanning as an alternative to penetration testing. This perception is wrong. An organization conscious of cybersecurity must include both these activities in their business processes and make sure that they work in unison. Missing out on one of them greatly decreases…
What is DevSecOps and how should it work?
DevSecOps stands for development, security, and operations. Similar to DevOps or SecOps, it is a concept that joins two previously separate roles into a unified environment. DevSecOps teams are responsible for providing conditions for continuous secure software development. Being a newer concept than DevOps, DevSecOps…