The SANS 2021 Automation and Integration Survey is now available for download, focusing on the question: First we walked, now we run – but should we? Let’s face it, we’ve talked about security automation for years. We’ve grappled with what, when and how to automate. We’ve debated the human vs machine topic.

Python has been deemed as a “simple” language — easy to use and easy to develop scripts to do numerous tasks — from web scraping to automation to building large-scale web applications and even performing data science. However, dependencies are managed quite differently in Python than in other languages, and the myriad options of setting up an environment and package managers only add to the confusion.

Detectify collaborates with Crowdsource, our private network of ethical hackers to help our customers access the latest critical security research and secure their web apps. With a hot hack summer, we saw a lot of devastating breaches which casted a negative view onto hackers as criminals. At Detectify, we believe that hackers are our allies.

When smaller firms are hit by a cyberattack, the cost can be devastating. One out of four businesses with 50 or fewer employers report paying at least $10,000 to resolve an attack. And for organizations with fewer than 500 employees, insider incidents alone cost an average of $7.68 million, according to the Ponemon Institute's 2020 Cost of Insider Threats report.

Taking a proactive approach to threat hunting in cybersecurity is crucial, especially today when attacks are more stealthy and more complex than ever. What this means is that the olden ways of cybersecurity relying on time-consuming manual workflows are slowly becoming obsolete, and cybersecurity teams must be supported by active learning intelligence in their threat hunting processes.

In our recent blog, Who Do You Trust? OAuth Client Application Trends, we took a look at which OAuth applications were being trusted in a large dataset of anonymized Netskope customers, as well as raised some ideas of how to evaluate the risk involved based on the scopes requested and the number of users involved. One of the looming questions that underlies assessing your application risk is: How does one identify applications? How do you know which application is which? Who is the owner/developer?

As part of our upcoming attendance at the International Cyber Expo & International Security Expo, we were lucky enough to sponsor The Cyber Security Webinar Series with Nineteen Group and Grey Hare Media. Both Philip Ingram MBE and Emanuel Ghebreyesus, strategic account director for Tripwire, spoke about several topics including: You can read some of the highlights from their conversation below.

LUCERNE, SEPTEMBER 2021: SECUDE, a leading Digital Rights Management (DRM) solutions provider based on Microsoft Azure Information Protection (AIP) today announced that its flagship product HALOCAD® extends data-centric security across PLM and Multi-CAD integrations.

The theme of this year’s National Coding Week (from 13th September) is “digital skills stories”, where people share their career stories to help inspire others to get into coding. Whether you are a student interested in a future career in coding, someone already in the industry looking for a new challenge, or even if you don’t know how to code but want to learn, there is plenty of inspiration to be found.

Are you putting your organization at risk with outdated security strategies? Embrace next-gen AppSec to reduce security risks without impeding DevOps. Application development practices continue to evolve, enabling development teams to deliver applications at a pace never before thought possible. At the same time, cyber-criminals have developed new levels of attack strategies and intensified their focus, making it more important than ever to scrutinize applications for security vulnerabilities.