Without understanding security risks, organizations may ignore critical vulnerabilities. In a Security Intelligence article, Larry Ponemon of the Ponemon Institute and Neil Jones recently reported on a dangerous lack of application risk awareness. Even though there is an increasing number of threats out there for app developers and users, high-ranking members of companies don’t seem to be keeping up with the latest issues.
This blog previously examined the first five points on OWASP’s Internet of Things Top Ten, a list of internal and external vulnerabilities. This trend has led to potential design flaws as developers fail to build proper security measures into their devices. A 2011 Cisco report alleged that 50 billion devices could connect to the Internet by 2020. In 2003, this number wasn’t even higher than 1 billion.
OWASP has an extensive list of 10 vulnerabilities that could affect the Internet of Things. As presented on its official website, the list covers a variety of areas that developers should focus on if they want greater protection. Since the IoT continues to be a strong driving force in technology, businesses should seize the chance to build stronger software while they still can. Within the next five years, billions of new devices could become connected, including more ...
This blog previously looked at the fundamental concepts behind application security testing and which methods work for which threats. Now that you know what those are, let’s look closer at the threats themselves, based on the Open Web Application Security Project 2013 Top Ten.
For successful security testing, companies may need to take a wide stance, covering as many possible types of attacks as they can for comprehensive protection. PSC is taking a closer look at the fundamentals of testing, so businesses can learn the full breadth of what goes into successful practices. Today, we will look at the general concepts behind testing, as well as essential types of attacks to be aware of.
Your development firm has several different methods at its disposal to test an application throughout the software development lifecycle (SDLC). Each has its own advantages and disadvantages, and to understand which is best, companies should think carefully about the kind of testing that works for their product.
The Open Web Application Security Project (OWASP) details a list of the top 10 web application privacy risks in 2015 in this PowerPoint presentation. Each one illustrates a way that software security testing can better benefit a company that prepares. In this post, we’ll take a closer look at the second item on the list: operator-sided data leakage.
The Open Web Application Security Project presents 10 key risks for online security. Over the next couple of weeks, we will look closer at these 10 key risks and discuss what practices might help mitigate the risks of each.
Today, we’ll examine the fifth item on the list: “Non-transparent Policies, Terms and Conditions”.
According to information from OWASP, on an impact scale from one to three (1 = “limited” damage and ...
It might seem like there’s nothing farther from the world of IT security than the natural one, but there might be more of a connection than you’d think. By looking closely at the ways animals protect themselves, some are discovering effective ways to meet security challenges by copying our animal friends. This is called “biomimicry,” and it’s actually a big part of scientific advances, as this Deloitte article by global chief information security officer JR ...