tl;dr; SaaS apps often have poor security. Before deciding to use one do a quick security review. Read privacy statements, ask for security docs, and test authentication practices, crypto and console.log information leaks before deciding if you want to trust the app or not. This post gives you a handy checklist to breeze through your … Continue reading Do you consider security when buying a SaaS subscription?
Consider this: internet is down. Power is out. And the water in the tap is no longer safe to drink. The stores are basically out of groceries. And the banking sector is not working. No mobile payments. No credit cards accepted. And no ATM's are working. Scenarios like this may be dystopia but are perhaps … Continue reading When society breaks down: how do we respond?
Business continuity and emergency preparedness have become familiar concepts for many businesses - and having such risk management practices in place is expected in many industries. In spite of this, apart from software companies, inclusion of cybersecurity and preparing for handling of serious cyber attacks and security incidents is far from mature. Many businesses have … Continue reading How to build emergency preparedness for cybersecurity incidents
Container technologies are becoming a cornerstone of development and deployment in many software houses - including where I have my day job. Lately I've been creating a small web app with lots of vulnerabilities to use for security awareness training for developers (giving them target practice for typical web vulnerabilities). So I started thinking about … Continue reading Packaging a Node app for Docker – from Windows
Phishing is still the most common initial attack vector. Mass mailed spam is now taking cues from targeted campaigns, improving conversion rates through personalization and the use of seemingly authoritative content. Scammers are getting better at targeting. Sharpen your defenses today - including your awareness training!Here are some indicators that can help identify phishing: Sender: … Continue reading How to recognize a customized spear-phishing email
The first few days of 2018 have been busy for security professionals and IT admins. As Ars Technica put it: every modern processor has "unfixable" security flaws. There are fixes - sort of. But they come with a cost: computers will run up to 30% slower because of it, depending on the type of work … Continue reading How the meltdown CPU bug adds 50 million tons of CO2 to the atmosphere