The 2021 edition of the OWASP Top 10 is finally out*! Let’s have a look at what OWASP introduced/changed in their industry-standard checklist for web application security and let’s compare it with our predictions from last year for the OWASP Top 10 2021. Last but…
Finding and fixing security flaws in third-party software that you don’t have control over
There’s a popular bit of wisdom that says don’t stress over the things in your life that you cannot control. It’s great advice for all of us these days. Still, though, no matter how hard you try, there will be some things that are out…
Should you shift left or not?
Shifting left is now a popular trend in information security. Does that mean that you should hop on the bandwagon and tear your hair out just to shift your security left? No, it does not. Actually, in most cases, if you blindly jump on this…
What is HTTP header injection
The HTTP header injection vulnerability is a web application security term that refers to a situation when the attacker tricks the web application into inserting extra HTTP headers into legitimate HTTP responses. HTTP header injection is a technique that can be used to facilitate malicious…
Web security basics: Is your web application safe?
In our old advertisements, you could often read that 70 percent of websites are hackable. The sad truth is, however, that every website and web application can be hacked, given enough time and resources. What makes a website or web application fall within the 70 percent…
Choosing the web application security solution that is right for you
Do you have a headache trying to choose the right web application security solution? Well, we sure hope it’s Acunetix, but it might not be! We won’t try to convince you that we are the one – that would be unprofessional because we know nothing…
US government agencies given a new deadline to secure critical software
The Office of Management and Budget (OMB) released a memorandum on August 10, 2021, in response to Executive Order (EO) 14028, Improving the Nation’s Cybersecurity. The EO recognizes the importance of software security to protect against malicious cyber attacks that threaten the American people’s security…
Is it good? Ask the developer!
We’re so used to the image of the “security guy” who takes care of all the cybersecurity needs in the company that it keeps security siloed and makes progress impossible. We have to get rid of that image and realize that in some cases, notably…
Black Hat 2021: What we don’t know may be the greatest cybersecurity threat
I always come away from the Black Hat USA cybersecurity conference having learned something new, feeling inspired, and imbued with just the right amount of angsty determination to do my part to help improve what is, in my opinion, one of the most pressing collective…