Don’t forget the people

Some statistics claim that 90% of security breaches involve human error. That means human error is the biggest cyber security risk for your company.

The pandemic and remote working make this even more critical than before. There’s been a huge increase in attacks since the start of the pandemic. Working from home has a different set of risks. And your friendly IT support person is no longer a desk away.


Has your website been hacked?

We must, and do, worry about the security of our web applications and our data. But don’t forget that a simple website can also be hacked.

Often companies outsource their website development. This may be due to a lack of technical skills, or because they think it is a “marketing” job. It doesn’t matter what size your website is, or who developed it. Any website can be a target for attacks.

So this question is important for all of us: Has your website been hacked?


Four Things To Check NOW

We’ve looked at many topics over the past few weeks. It’s easy to delay taking action by focusing on the concepts. And with so much information, it can be difficult to know where to start.

So today I am giving you a list of four things that you can – and must – tackle right now. I’ll also give you the links to the articles again, in case you want a quick refresher.


Building better security (8): RASP

I’ve been sharing ideas on how to build security into your development process. An important step in the development process is testing.

There are many techniques used in security testing. It’s useful to understand the different approaches, and their advantages and disadvantages. So far we’ve looked at SAST, DAST and IAST. (I’ve included the links at the bottom, in case you missed any.)

This week we look at Runtime Application Self-Protection, aka RASP.


Building better security (7): IAST

I’ve been sharing ideas on how to build security into your development process. An important step in the development process is testing.

There are many techniques used in security testing. It’s useful to understand the different approaches, and their advantages and disadvantages. So far we’ve looked at Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST). This week we look at IAST. (If you missed any of the previous posts, I’ve included all the links at the bottom.)
