Conducting a data protection impact assessment (DPIA) or privacy impact assessment (PIA) is a complex and challenging task. Nevertheless, it’s critical to do. Data privacy concerns have become a significant focus across all industries, and for good reason: data is at higher risk than ever before. In its 2020 Q3 Data Breach QuickView Report, Risk Based Security revealed that 36 billion records were exposed during the first three quarters of 2020.

Mapping and cataloging personal information collected from users is time-consuming. It is error-prone, and relies on hunting down information from multiple departments. For many teams, creating an accurate data flow map will be the hardest part of completing GDPR Article 35's data privacy impact assessment (DPIA) or any privacy impact assessment (PIA). Even for smaller businesses with limited departments and fewer software offerings, determining how data exists and how it moves can be a challenge.

Security is an essential part of any modern IT foundation, whether in smaller shops or at enterprise-scale. It used to be sufficient to implement rules-based software to defend against malicious actors, but those malicious actors are not standing still. Just as every aspect of IT has become more sophisticated, attackers have continued to innovate as well. Building more and more rules-based software to detect security events means you are always one step behind in an unsustainable fight.

These are anxious times for small and medium-sized businesses (SMBs). According to the U.S. Chamber of Commerce, 70% are concerned about financial hardship due to pandemic-related disruptions, and more than half are worried about having to close permanently. At the same time, SMBs are tasked with personnel management in an increasingly distributed and frequently fraught environment where employees are stressed and burned out. Collectively, it’s a sizable challenge for SMB leadership.

Demand for DevSecOps products has been growing strongly, as more companies realize the importance of integrating security into their DevOps pipelines. However, IT and DevOps pros who dive into the DevSecOps market looking for options quickly realize that the number of DevSecOps tools and frameworks is vast and confusing.

NeuraLegion’s VP Oliver Moradov takes us through how you can use JFrog and NeuraLegion to automate AppSec testing in your pipelines. The days of long release cycles are well and truly behind us — it is simply not feasible in our agile development world, with developers delivering software and more features at an unprecedented scale and speed. With DevOps, we have multiple development teams running multiple concurrent builds, which is great, but security testing has not kept up.

Every week, our global community of hand-picked Detectify Crowdsource ethical hackers submit new vulnerabilities that we make available to our users as automated security tests. In the new series Vuln of the Month, we deep-dive into an especially interesting vulnerability that was added to our scanner in the past month. First up: CVE-2020-10148, SolarWinds Orion Authentication Bypass. In January, Detectify added a security test for CVE-2020-10148, SolarWinds Orion Authentication Bypass.