The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.


5 reasons you need to pen test in 2021

Now that 2021 is proving to not be the fresh start many hoped for, it’s time to re-examine the security lessons learnt in 2020. As the transformational business challenges of the last 12 months demonstrated, security should always be high on the agenda no matter what your organisation size. After all, as we revealed in our 2021 annual cyber security industry report, hackers don’t care what size or type of business you are – only if you’re an easy target.


The Solarwinds Breach Highlights the Need for Desired State Enforcement

The recent Solarwinds hack is the latest headline grabbing zero day to send shockwaves throughout the information security community. It was a sophisticated supply chain attack that incorporated several forensic countermeasures and impacted a number of large government institutions and private companies.


How to cyber security: Faceplanting in 10 lines of code

Sometimes it’s hard to convince people that security needs to be part of every software development process. “We passed all our tests,” they might tell you. “Isn’t that good enough?” The problem is that functional testing usually focuses on the happy path—a place where users act rationally, systems behave well, and nobody is attacking your application.


AppSec Bites Part 1: Balancing Speed and Thorough AppSec Coverage

In today’s world, speed wins. Just take Amazon for example. You can place an order with the click of a button and have it delivered to your door in under twenty-four hours. Retailers that can’t compete with Amazon’s speed are falling behind. The same level of speed and efficiency is expected with technology. Companies are in a race to deliver new and innovative technology first. But aside from speed, companies are also concerned about the security of their software.


Applying 3 Practical Lessons from the SolarWinds Breach

It’s been more than a month since the SolarWinds breach first started dominating security headlines, and we’re still learning new details about the attacks and the organizations affected. Even as the discussion quiets down, it’s easy to imagine we’ll still be looking back and analyzing the full effects of these incidents in much the same way we talk about other seminal breaches and security events from the past 20 years.


IT security under attack: Credential dumping attacks in Windows environments

Most of the time, threat actors in the cybersecurity landscape don’t employ advanced techniques and tools to intrude and establish a foothold within networks. Often, they disguise malicious operations by mimicking the activities of legitimate users, leaving behind little to no footprint. Blending malicious actions with day-to-day IT activities helps attackers maintain a low profile and remain undetected for a longer period.


Education, certifications, and cybersecurity

The question of cybersecurity certifications comes up very frequently on discussion boards. What is the best certificate to get? Is a college degree better for getting a cybersecurity role? What education or skills are needed for various cybersecurity roles? And many, many more. In this post, I'll try to clarify some of these questions and more.