Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cyberattacks are a growing threat, making it crucial for us to understand the tools and techniques available to secure applications. Today, we dive into the differences and similarities between Dynamic Application Security Testing (DAST) and Penetration Testing with insights from a Veracode industry expert and certified penetration tester, Florian Walter. DAST is an automated technique designed to identify security vulnerabilities in web applications and APIs during runtime.

Extended detection and response, better known as XDR, is a security technology that combines multiple point solutions, including but not limited to endpoint protection and endpoint security tools, into a unified incident detection and response platform. First described in 2018 by Palo Alto Networks' CTO Nir Zuk, XDR collects, correlates, and contextualises alerts from different solutions across endpoints, servers, networks, applications, and cloud workloads.

Many companies strive to achieve the best security possible. Along the path to improved security, many companies are also required to meet various compliance standards. In some cases, compliance is also a regulatory requirement. This crossroad between security and compliance can sometimes seem at odds with the organization’s goals. Compliance does not always equal security.

The Verizon 2024 Data Breach Investigations Report noted a 180% increase in exploited vulnerabilities over the previous year’s figures. The importance of keeping an up-to-date vulnerability management policy for remediating and controlling security vulnerabilities cannot be understated.

This is why email compliance and archiving solutions are pivotal for shielding your electronic correspondence and ensuring it’s safely stored, retrievable, and compliant with industry regulations. The adoption of such solutions is indispensable for both private and public companies that generate large data volumes, which require extensive storage and reliable backup options for the reasons we’ll explain below.

As a CIO, I often wish for a world where the threat landscape is less expansive and complicated than it is today. Unfortunately, the reality is quite different. This month, I find myself particularly focused on the idea that our digital business would come to a grinding halt without the technology ecosystem that supports it. However, this very ecosystem also presents significant risks.

Security budgets naturally compete with other priorities for funding, and finance departments traditionally prioritize immediate financial gains over long-term investments. Cybersecurity, with its focus on prevention, is often seen as an element that’s ‘nice to have’ rather than a necessity. Especially when compared to tangible projects with quicker returns, cybersecurity initiatives can be left chronically underfunded. Where do we spend? And where are the attacks coming from?

Cybercriminals never sleep, and their aim keeps getting better. According to new research from Abnormal Security, phishing attacks targeting organizations in Europe shot up by a staggering 112.4% between April 2023 and April 2024. Meanwhile, US organizations weren't spared either, with phishing attempts increasing by 91.5% over the same period. Phishing may be an old-school social engineering tactic, but it's no joke.

I am excited to see Apple’s recent expansion of identity support in Apple Business Manager, their device and app lifecycle management tool for the enterprise. Simply put, it enables wider adoption of Managed Apple IDs by allowing organizations to use corporate email addresses as corporate Apple IDs, and integrate with a broader range of identity providers (IdPs) beyond Google Workspace and Microsoft Entra ID.

When building an application that requires user authentication, implementing a secure login flow is critical. In this article, we'll walk through how we created a robust OAuth login flow for ggshield, our Python-based command line tool, to streamline the onboarding process for our users.