By their very nature, web applications are constantly exposed to a wide range of attacks by cybercriminals, which is why web applications are a part of 26% of all breaches. Attackers continuously scan these exposed applications for known vulnerabilities, gathering intelligence to stage an attack. Once they have a significant collection of possible targets for […]
Imagine you have to check for danger on the other side of an impassable mountain you cannot walk around. What would you do? A low-tech solution would be to tunnel through and have a look. Swing by swing with a pickaxe to break the stone, and then shovel by shovel to haul the broken rock […]
Regardless of how diligent a development team is or how many security checks they run in their development environments, vulnerabilities will creep into production systems — and the very complex and ever-evolving nature of today’s production environments requires modern application security testing capabilities. The software security and quality challenge affects everyone. And without secure software, […]
Organizations spend a significant amount of time on security alerts that turn out to be false alarms. Research indicates that nearly 20% of alerts are not genuine, leading to wasted time on investigations instead of focusing on proactive security measures to enhance overall security. This is partly due to the fact that 59% of security […]
The NIST cybersecurity framework has been a go-to resource for defining cybersecurity strategies, policies, and activities ever since version 1.0 was published back in 2014. Originally intended specifically for US companies operating critical infrastructure, it soon gained popularity across all industries and is used by CISOs worldwide. February 2024 saw the launch of version 2.0 […]
What you need to know The xz-utils package in versions 5.6.0 and 5.6.1 includes a malicious backdoor that could, in specific circumstances and configurations, allow remote access to SSH sessions for remote code execution (RCE) on selected Linux systems. As a precaution, all Linux users are advised to ensure their xz-utils version is earlier […]
Focused on detection and response, security leaders might not think of DAST tools as an essential component of their AppSec toolbox. All too often, external vulnerability scanning is only performed during periodic third-party tests, giving you snapshots of your security posture that can be months out of date. What if you could run your own […]
The recent increase in the number of application security testing tools has caused confusion among buyers and vendors. Some have started to view DAST as just a checkbox item, prioritizing cost over quality. This rush for cheaper options is putting organizations at risk, often without the knowledge of security leaders. It’s time to differentiate between […]
What you need to know The Securities and Exchange Commission is accusing SolarWinds and its CISO of misrepresenting the company’s security situation before and after the 2020 SolarWinds Orion hack. The SEC’s action could set a precedent for holding security officers personally liable for security incidents and their consequences. The case has sparked a […]
There will always be a natural tension between cybersecurity teams and developers. Developers are paid to create and ship new applications, while security teams are responsible for ensuring that bad things don’t happen when new software is deployed, such as data breaches or loss of business services due to vulnerabilities. While this dynamic can create […]
We hate spam, we obviously will not spam you!
Copyright © TSP 2024. All rights reserved. Designed by Enovate LLC
