Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Blog

Message Authentication Code (MAC) Using Java

This is the seventh entry in this blog series on using Java Cryptography securely. Starting from the basics we began diving deeper into various basic cryptographic primitives such as Cryptographically Secure Random Number Generator, symmetric & asymmetric encryption/decryption & hashes. After taking a brief interval, we caught-up with cryptographic updates in the latest Java version. Skip to the TL; DR

5 Identity and Access Management Best Practices

Stolen credentials are among the biggest threats to data security across industries, accounting for around 90% of data breaches. The identity and access management market — consisting of expertise, identity access management tools, and software, and training — is predicted to grow from about $10 billion in 2019 to over $22 billion by 2024. Here’s what you need to know about this increasingly important aspect of data security.

Nightfall simplifies data security & HIPAA compliance for SimpleHealth

SimpleHealth takes their company name to heart. They are a reproductive tele-health company, focused on building thoughtful and impactful services that enable patients to own their reproductive health journey. Today, the core vertical is an online birth control prescription and free home delivery service.

Bot Protection Beyond CAPTCHA

CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is designed to prevent bots or spam attacks from accessing a webpage. Traditionally users were tasked with typing text from a simple image, but over time CAPTCHA has evolved into more complex images and voice recognition in response to the increasing sophistication of attacks.

How to cyber security: Containerizing fuzzing targets

Fuzzing can be dangerous. After all, you’re trying to break things. In fuzzing, you deliver deliberately malformed inputs to software to see if the software fails. If it does, you’ve located a vulnerability and can go back to the code and fix it. It’s an excellent, proactive method for software development organizations to fix security weaknesses. And it should be no surprise that fuzzing is also the preferred method for attackers who want to locate zero-day vulnerabilities.

3rd Party Security an Achilles Heel

It is common and intuitive to think that a security manager is responsible for the protection of their own team and organization. Spending the company’s resources on the security of another organization may sound unreasonable. However, recent events in the retail industry teach us otherwise. Today more than ever, as 3rd-party risk is gaining speed, executives are exposed to threats from unexpected directions and involving new weak points.

Detectify security updates for February 22

Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For Asset Monitoring, we now push out tests more frequently at record speed within 25 minutes from hacker to scanner. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers.

How to choose a Software Composition Analysis (SCA) tool

Whether you’re a developer or a security engineer, Software Composition Analysis—or SCA for short—is a term you will start to hear of more and more. If you haven’t already, that is. The reason for this is simple. Your company is increasingly relying on open source software and containers to develop its applications and by doing so is introducing risk in the form of security vulnerabilities and license violations.

10 step guide: How to be GDPR compliant

The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world, yet few organizations are completely compliant with its statutes. Complacency is dangerous territory. Non-compliant entities could be fined up to £18 million or 4% of annual global turnover (whichever is greater). This post clearly outlines the standards set by the GDPR and provides a checklist to help organizations remain compliant.