There is a common tendency that the typical DAST scanner finds the easiest to locate known security vulnerabilities. If you need to find vulnerabilities that are more difficult to detect – you need the help of security experts. But what if the DAST product could behave more like an automated hacker? The Security Research team at Detectify set themselves up to solve this problem and fundamentally upgrade the way we do fuzzing in our vulnerability scanner, Deep Scan.

Recent years have seen a sharp increase in the number of reported security vulnerabilities, along with quite a few notorious attacks on enterprise applications. Organizations have reacted by increasing their investment in AppSec and DevSecOps, including the widespread adoption of AST (application security testing) tools.

The saying “Good people, great nation” truly captures the essence of Nigeria- also known as the land of hope and opportunity. It is a nation that promotes healthy business growth with vibrant people with friendly energy expressed through diverse creative expressions. The development of the fintech industry in the past few years has been a shining star in the Nigerian economy, with the potential to shine brighter—even through the hurdles posed by the ongoing COVID-19 crisis.

In this pandemic-defined era of rapid retail transformation, the digital shopping experience has become tantamount to the success of the business. As a result, retailers have redoubled their efforts to improve digital applications and services.

Hancitor (AKA CHanitor, Tordal) is a popular macro-based malware distributed via malicious Office documents delivered through malspam. In the latest campaigns, particularly active between October and December 2020, the malware has been distributed via DocuSign-themed emails asking the victims to review and sign a document. The fake DocuSign link downloads a Microsoft Word document whose malicious macro, once enabled, installs the Hancitor malware.

Every cloud has its own identity and access management system. AWS and Google use a bunch of JSON files specifying various rules. Open source projects like Kubernetes support three concurrent access control models - attribute-based, role-based and a webhook access control, all expressed using YAML. Some teams are going as far as inventing their own programming language to solve this evergreen problem.

The key to successfully implementing DevOps practices is relationships. It’s about breaking down the existing silos between different functions that deliver software, like development and operations. These functions need to work toward a common goal, efficient software delivery.

To celebrate International Women’s Day on March 8 and the upcoming Day of Shecurity conference on March 23, I guest hosted the Lookout podcast Endpoint Enigma for an episode. I enlisted the support of my colleague Victoria Mosby to share our experiences navigating the cybersecurity sector. In addition to working as a federal sales engineer at Lookout, Victoria is also an active member of the Lookout Foundation and the Day of Shecurity initiative.

Business Email Compromise (BEC) scammers, who have made rich returns in recent years tricking organisations into transferring funds into their accounts, have found a new tactic which attempts to swindle Wall Street firms out of significantly larger amounts of money. According to a newly published-report by Agari, scammers are seeking to defraud Wall Street businesses and their customers out of US $809,000 on average per incident.

We sat down with industry experts from Bluebeam and Egnyte on March 3, 2021 to tap into their insights and predictions on the Top 10 Construction and Engineering Technology Trends going into 2021.