Latest News & Updates

October 14, 2024
DevOps is a popular practice, especially among large organizations. However, while it comes with numerous benefits, it presents numerous risks as well. One notable challenge is the increased velocity of deployment, which often complicates how developers implement and ensure application security throughout the development and deployment process. According to a recent survey, almost 80% of CIOs expressed concerns about the difficulty of discerning trusted elements from untrusted ones within DevOps environments. In particular, the pressure to deliver services at a faster pace sometimes prompts DevOps teams to take security shortcuts, resulting in potentially costly repercussions. These include data breaches, application downtime, and compliance violations. So, how can you strike a balance between the demand for agile DevOps practices and the need to maintain robust security measures?
October 4, 2024
Applications fuel the engine of the world’s economy, but enterprises can encounter substantial hurdles when striving to retain a competitive advantage in a rapidly changing digital landscape. Businesses must continuously pursue inventive solutions, even as they contend with sophisticated adversaries looking to exploit opportunities to disrupt operations, compromise vital information, and inflict harm. According to recent research, approximately 17% of cyberattacks aim to exploit vulnerable web applications. Yet, 98% of web applications are susceptible to attacks that can lead to malware infection or redirect users to malicious websites. All the while, 72% of these vulnerabilities result from coding errors. Testing applications for security flaws during production is a vital process of the development lifecycle, and this is where Dynamic Application Security Testing (DAST) comes in. DAST is a security testing approach in application security (AppSec), in which testers assess an application in real-time, while it’s actively running. This process can be conducted even without testers knowing the application’s internal interactions or system-level designs. This is because DAST tools operate without access to the application’s source code. Instead, they emulate genuine attacks, akin to those carried out by real hackers, to identify security weaknesses. This “black box” testing method examines the application from an external perspective, scrutinises its runtime behaviour, and observes how it reacts to simulated attacks.
These simulations help evaluate whether the application exhibits vulnerabilities and if it is potentially susceptible to malicious attacks.
September 25, 2024
Hacking is attacking and breaking into computer systems illegally… isn’t it? The meaning of the term “hacking” has in fact changed substantially over time, morphing from describing essentially benign (or at worst mildly disruptive) activities into its modern attribution to largely criminal and illegal activities. What’s more, in its original usage, “hacking” doesn’t necessarily even need to involve computer systems at all. In this blog post we look back at the origin of the term “hacking”, as well as how activities that might be described as hacking have existed throughout history, even prior to the advent of computer systems – and what if anything these can teach us today.
September 19, 2024
Prioritising application security has become a significant focus for modern businesses, and staying informed about the evolving security landscape is crucial for organisations looking to effectively enhance their application security. A critical underpinning of safeguarding an enterprise lies in incorporating robust application security testing practices. The adoption of DevOps methodologies and the use of open-source code have accelerated the pace of application development, maintenance and delivery, but security challenges persist and require close attention. In a recent special Application Security Trends for 2023 report, approximately 70% of organizations recognize that application security has become one of their top three priorities. Simultaneously, nearly 90% of these organizations intend to enhance their application security measures. Application security attacks are the most prevalent type of external threats. No wonder enhancing application security is a priority and concern for organizational security leaders.
August 19, 2024
In the early days of the internet, most webpages were static, informational resources. As the internet matured, however, the power of the web to deliver richer content was leveraged, and static web pages were increasingly replaced by dynamic web applications. Web applications deliver interactive experiences and often underpin vital commercial operations for businesses, from portals allowing customers to self-administer various account details, through to online retail sales, online banking, and more recently interactive online spreadsheets, project management, and customer relation management (CRM) tools. These web applications leverage technologies such as AJAX (“Asynchronous JavaScript and XML”) and HTML5. With AJAX, web applications can send and retrieve data from a server asynchronously (in the background) without interfering with the display and behaviour of the existing page, behaving almost the same as a traditional (compiled) application installed locally as an executable on a personal computer. By decoupling the data interchange layer from the presentation layer, AJAX permits web applications to update displayed content dynamically without the need to reload the entire page, and underpins the delivery of the recent Single Page Application phenomenon.
The Importance of Training Employees
By Eazi Business May 22, 2024
Training employees is an exercise implemented by high-level management or a person of authority within an organisation to provide employees ample opportunities to develop their skills, knowledge, qualifications, and certifications. In general, training schemes for employees should be consistently provided to ensure continual skill improvement, ensure workplace competence, and refresh staff on their roles and responsibilities within their field of work. From a financial perspective, by consistently investing in and developing your staff, your organisation should see an immense return on investment as employees can grow their knowledge base and improve their job skills to become more effective in the workplace. It’s often compulsory for some level of training (an induction) to be offered to new members of staff as you introduce them to their role. However, it’s just as worthwhile to provide training to existing members of staff, as it’s likely to help with the individual employee’s development and sense of value, and to benefit your business in the process. There are several other reasons why it is important for employers to initiate consistent training programs for their employees. In this post, we are going to explore these benefits further but also discuss the implications it will have on your organisation, specifically within the field of Cyber Security.
Information Security Awareness Training Introduction
May 15, 2024
Information Security Awareness Training is a strategy used to improve staff awareness and to prevent and mitigate user risk within your organisation, while also helping employees understand their roles and responsibilities in combatting information security breaches.
ISO 27001 Guide
May 8, 2024
What is ISO 27001? ISO 27001 is the international standard that provides the specification for an Information Security Management System, also known as an ISMS. What is an ISMS? An ISMS is a systematic approach consisting of people, processes, and technology that supports your business by protecting and managing all your information through a risk management process.
May 1, 2024
As the risks associated with cyber attacks and data breaches continue to increase, information security has become a critical issue for every business. ISO 27001 is the international standard that provides the specification for an Information Security Management System, also known as an ISMS. An ISMS is a systematic approach consisting of people, processes, and technology that supports your business by protecting and managing all your information through a risk management process. As the mainstay of the 27000 series, ISO 27001 provides a globally recognised framework for structuring best security practice management. These standards help organisations keep information assets secure by offering a set of specifications, codes of conduct and best practice guidelines to ensure strong information security management. However, it is important to note that ISO 27001 will only provide the specification of an effective ISMS whereas 27002 will provide the code of conduct, guidance, and best practices to effectively implement your ISMS. An ISMS, particularly one that conforms to ISO 27001, can help organisations comply with laws, such as GDPR, or the Network and Information Systems Regulations, also known as the NIS Regulations. ISO 27001 focuses on protecting 3 key aspects of information -