Increasingly sophisticated cyberattacks against federal agencies highlight the urgent need to enhance federal cybersecurity. To help with this, CISA has published the Zero Trust Maturity Model to assist agencies in implementing zero trust architecture (ZTA) – and modern AppSec solutions are a crucial part of…
Stop compromising on web application security
Modern web applications are often in continuous development in highly automated workflows, so keeping them secure requires equally automated AppSec solutions. When you add to this a highly dynamic threat environment, manual security processes cannot hope to keep up. This post presents highlights from an…
Paul’s Security Weekly: Securing iframes using the sandbox attribute
Our Senior Security Researcher, Benjamin Daniel Mussler, has been invited to the Security Weekly podcast to talk about the security of iframes and, in particular, how to secure iframes using the sandbox attribute. Benjamin first talked about how traditional framesets have become completely obsolete but…
Debunking 5 cybersecurity posture myths
Small and medium businesses have it hard when it comes to cybersecurity posture. The cybersecurity gap hits them the hardest because most security experts would rather choose different work environments. Young information security enthusiasts are in high demand. However, instead of SMBs, they usually prefer to work…
Web vulnerability classes in the context of information security certifications
For certifications such as CISSP, CISA, Security+, CASP+, or CySA+, web vulnerability classes make up only a small part of the knowledge required to pass the exam. For instance, the CISSP exam evaluates the student’s expertise in eight domains, and even advanced knowledge of subjects…
To build DevSecOps, you need both modern tools and cultural changes
The ATARC webinar and panel discussion
Organized under the title “Shifting Security Left with DevSecOps,” the joint webinar brought together industry and government experts to talk about the everyday realities of application security efforts in government agencies and the latest tools available to support them…
OWASP Top 10 2021 – what’s new, what’s changed
The 2021 edition of the OWASP Top 10 is finally out*! Let’s have a look at what OWASP introduced/changed in their industry-standard checklist for web application security and let’s compare it with our predictions from last year for the OWASP Top 10 2021. Last but…
Finding and fixing security flaws in third-party software that you don’t have control over
There’s a popular bit of wisdom that says don’t stress over the things in your life that you cannot control. It’s great advice for all of us these days. Still, though, no matter how hard you try, there will be some things that are out…
Should you shift left or not?
Shifting left is now a popular trend in information security. Does that mean that you should hop on the bandwagon and tear your hair out just to shift your security left? No, it does not. Actually, in most cases, if you blindly jump on this…