Author Archives Tomasz Andrzej Nidecki

THE AUTHOR

Tomasz Andrzej Nidecki
Principal Cybersecurity Writer

Tomasz Andrzej Nidecki (also known as tonid) is a Primary Cybersecurity Writer at Invicti, focusing on Acunetix. A journalist, translator, and technical writer with 25 years of IT experience, Tomasz has been the Managing Editor of the hakin9 IT Security magazine in its early years and used to run a major technical blog dedicated to email security.

Code security is not enough!

Web Security Zone | November 22, 2021 by Tomasz Andrzej Nidecki

Recently, I came across an article that referred to web application security as code security and I hope it was just a slip of the tongue. If you really think web application security is the same as code security, you are leaving a gaping hole…

What is website security – how to protect your website from hacking

Web Security Zone | November 18, 2021 by Tomasz Andrzej Nidecki

You protect your every office computer with an antivirus. You install firewalls to prevent unwanted access to your network. But what do you do to secure your website? And what can happen if it’s not secured? This article is aimed at website owners that are…

You are the only one who can secure and protect your web applications

Web Security Zone | November 15, 2021 by Tomasz Andrzej Nidecki

Security-related vocabulary includes a lot of words with imprecise meanings. Two such terms that give me a headache when used in the web application security context are the verbs to secure and to protect. But this headache is nothing compared to the one I get…

What is continuous web application security?

Web Security Zone | November 1, 2021 by Tomasz Andrzej Nidecki

The term continuous security in the context of web application security is best understood when paired with well-known terms continuous integration and continuous deployment (CI/CD). Continuous security means that security is part of a continuous process – DevSecOps or, even better, SecDevOps. The confusion around…

Paul’s Security Weekly: Securing iframes using the sandbox attribute

Web Security Zone | October 7, 2021 by Tomasz Andrzej Nidecki

Our Senior Security Researcher, Benjamin Daniel Mussler, has been invited to the Security Weekly podcast to talk about the security of iframes and, in particular, how to secure iframes using the sandbox attribute. Benjamin first talked about how traditional framesets have become completely obsolete but…

Debunking 5 cybersecurity posture myths

Web Security Zone | September 30, 2021 by Tomasz Andrzej Nidecki

Small and medium businesses have it hard when it comes to cybersecurity posture. The cybersecurity gap hits them the hardest because most security experts would rather choose different work environments. Young information security enthusiasts are in high demand. However, instead of SMBs, they usually prefer to work…

OWASP Top 10 2021 – what’s new, what’s changed

Web Security Zone | September 23, 2021 by Tomasz Andrzej Nidecki

The 2021 edition of the OWASP Top 10 is finally out*! Let’s have a look at what OWASP introduced/changed in their industry-standard checklist for web application security and let’s compare it with our predictions from last year for the OWASP Top 10 2021. Last but…

Should you shift left or not?

Web Security Zone | September 16, 2021 by Tomasz Andrzej Nidecki

Shifting left is now a popular trend in information security. Does that mean that you should hop on the bandwagon and tear your hair out just to shift your security left? No, it does not. Actually, in most cases, if you blindly jump on this…

What is HTTP header injection

Web Security Zone | September 13, 2021 by Tomasz Andrzej Nidecki

The HTTP header injection vulnerability is a web application security term that refers to a situation when the attacker tricks the web application into inserting extra HTTP headers into legitimate HTTP responses. HTTP header injection is a technique that can be used to facilitate malicious…

Take action and discover your vulnerabilities