Microsoft's ASP.NET Core enables users to more easily configure and secure their applications, building on the lessons learned from the original ASP.NET. The framework encourages best practices to prevent SQL injection flaws and cross-site scripting (XSS) in Razor views by default, provides a robust authentication and authorization solution, a Data Protection API that offers simplicity of configuration, and sensible defaults for session management.

Have you ever noticed how closely your role as the CISO of your organisation resembles that of the Wizard from “The Wizard of Oz?” As the Wizard, you are expected to be all-knowing, all-seeing and all-powerful. Your role is to keep everyone safe from the evils of the world while frantically pulling levers, pressing buttons and turning dials behind the curtain.

In 2020, remote work became not just a trend but a must for many companies. Yet ensuring secure telecommuting turned out to be a challenge for cybersecurity teams: Remote employees tend to use insecure tools, work in unprotected environments, and mismanage sensitive data. All of this increases the risk of insider threats. In this article, we take a close look at the challenges remote employees bring and the risks they can pose to your organization.

CVE-2020-27223 is a denial of service vulnerability discovered in the Eclipse Foundation’s popular Jetty web server.

Hey there, The European Union Agency for Cybersecurity (ENISA) has recently published its NIS Investment report - a survey conducted on European organisations identified as Operator of Essentials Services (OES) and Digital Service Providers (DSP).

The modern technology landscape is ever-changing, with an increasing focus on methodologies and practices. Recently we’re seeing a clash between two of the newer and most popular players: DevOps vs DevSecOps. With new methodologies come new mindsets, approaches, and a change in how organizations run. What’s key for you to know, however, is, are they different? If so, how are they different? And, perhaps most importantly, what does this mean for you and your development team?

COVID-19 vaccines are starting to roll out after a year of grappling with the pandemic. While this certainly inspires hope for the future, there are still risks on the road ahead. As distribution ramps up, vaccine-related cybersecurity concerns are also rising. Cybercrime has been a prominent side effect of the pandemic throughout the past year. This wave of cyberattacks shows no signs of slowing as vaccines roll out, with some threat actors targeting distribution.

Google Cloud Platform (GCP) is attracting a lot of companies, large and small, with its stability and many built-in services. But aggregated security monitoring has to be done via an external service. However, log aggregation for security purposes is a mandatory requirement of many standards and regulations. Those include GDPR, HIPAA, SOX, PSD2, PCI-DSS, ISO 27001 and many more.

Software supply chain security concerns are more prevalent than ever. The U.S. Pentagon, Department of State, Department of Homeland Security, Microsoft, FireEye – this is just a partial list of the government agencies and companies hacked as a result of the attack on SolarWinds’ proprietary software – the Orion network monitoring program.

The recent SolarWinds breach highlights a new paradigm in the Software Supply Chain. When compared simply to the code itself without any additional tools, Proprietary Code is no more secure than Open Source. By contrast, many would argue that Open Source Code is more secure due to a faster fix/patch/update cycle and the pervasive access to source code (Clarke, Dorwin, and Nash, n.d.).