tl;dr; SaaS apps often have poor security. Before deciding to use one do a quick security review. Read privacy statements, ask for security docs, and test authentication practices, crypto and console.log information leaks before deciding if you want to trust the app or not. This post gives you a handy checklist to breeze through your … Continue reading Do you consider security when buying a SaaS subscription?
If you are like most people, you don't read privacy statements. They are boring, often generic, and seem to be created to protect businesses from lawsuits rather than to inform customers about how they protect their privacy. Still, when you know what to look for to make up your mind about "is it OK to … Continue reading Why you should be reading privacy statements before using a web site
One of the vulnerabilities that are really easy to exploit is when people leave super-sensitive information in source code - and you get your hands on this source code. In early prototyping a lot of people will hardcode passwords and certificate keys in their code, and remove it later when moving to production code. Sometimes … Continue reading Avoid keeping sensitive info in a code repo – how to remove files from git version history
The EU is ramping up the focus on privacy with a new regulation that will be implemented into local legislations in the EEC area from 2018. The changes are huge for some countries, and in particular the sanctions the new law is making available to authorities should be cause for concern for business that have … Continue reading What does the GDPR (General Data Protection Regulation) mean for your company’s privacy protection and cybersecurity?