The Open Web Application Security Project (OWASP) is a not-for-profit organisation that aims, through community-led open-source projects, to improve the security of web-based software. OWASP develop and manage a public framework that documents the top 10 risks to application security, the OWASP Top 10. It provides developers and security professionals with the industry’s consensus on the most significant risks to web applications and recommends security controls to mitigate them.

Our team of penetration testers arguably have the most interesting and exciting roles within the business, or perhaps, in the world. From robbing banks to breaking and entering, pen testing isn’t your typical desk job. So we’ve asked them to share some of their most interesting stories to really give you career envy! Let’s see what we can find out about a day in the life of a pen tester.

Network traffic analysis is the routine task of various job roles, such as network administrator, network defenders, incident responders and others. Wireshark plays a vital role during the traffic analysis; it comes pre-installed in many Linux OS’s, for instance, Kali. otherwise, it is available to download from the official website. This article covers the traffic analysis of the most common network protocols, for example, ICMP, ARP, HTTPS, TCP, etc.

We’re excited to share that you can now use Snyk Container to scan container images stored in many more container registries. The latest additions include Github Container Registry, Nexus, DigitalOcean, GitLab Container Registry, and Google Artifact Registry.

The Open Web Application Security Project (OWASP), founded by Mark Curphey, first released the OWASP Top 10 Web Application Security Risks in 2003. The Top 10 is the closest the development community has to a set of commandments on how to build secure applications. This list represents the most critical risks to software security today and is recognized by developers as the first step toward creating more secure code.

Best practices for securing an AWS environment have been well-documented and generally accepted, such as AWS’s guidance. However, organizations may still find it challenging on how to begin applying this guidance to their specific environments. In this blog series, we’ll analyze anonymized data from Netskope customers that include security settings of 650,000 entities from 1,143 AWS accounts across several hundred organizations.

Early in my career, I developed web applications. At the time there were practically no frameworks or libraries to help. I was coding with Java using raw servlets and JSPs – very primitive by today's standards. There was no OWASP Top 10 and writing secure code was not something we paid much attention to.

The US Government has underlined once again that it continues to strongly discourage organisations hit by ransomware from giving in to extortion demands. In an updated advisory, the Department of Treasury’s Office of Foreign Assets Control (OFAC) has called upon businesses not to pay ransoms, and to focus on cybersecurity measures that can prevent or mitigate ransomware attacks.

Zero Trust is a security model — a strategy for protecting an organization’s IT assets, including data, services and applications. The Zero Trust model is built upon research more than a decade ago by analysts at Forrester, and it is now recommended by many security experts and vendors, including Microsoft. Zero Trust is a security architecture model that requires no implicit trust to be given in any quarter.

As tech budgets start to return to a pre-pandemic state, it will be interesting to see where priorities have shifted to over the past year and a half – especially when it comes to cybersecurity. We’ve taken a look at a few major industry reports to give you an idea of shifting plans, and where cybersecurity sits as a priority in 2022 budgets.