Critical alert – Log4Shell (CVE-2021-44228 in Log4j) – possibly the biggest impact vulnerability ever

On December 10, 2021, a serious vulnerability was discovered in the Apache Log4j framework, which is commonly used by most Java installations. The vulnerability, dubbed Log4Shell or LogJam, was identified in the NVD as CVE-2021-44228 and, to quote one of Acunetix's original creators and primary...
The false sense of security in the cloud

Businesses like yours have different reasons to move to the cloud. Some do it primarily to save on hardware. Others go further and outsource services to reduce the need for their own resources. Those who want to outsource administration and related services often believe that...
Secure coding practices – the three key principles

All security vulnerabilities are the result of human error. Most web application vulnerabilities and API security issues are introduced by developers. Therefore, the best approach to building secure applications is to do all that is possible to avoid introducing such errors in the first place instead of...
Code security is not enough!

Recently, I came across an article that referred to web application security as code security and I hope it was just a slip of the tongue. If you really think web application security is the same as code security, you are leaving a gaping hole...
You are the only one who can secure and protect your web applications

Security-related vocabulary includes a lot of words with imprecise meanings. Two such terms that give me a headache when used in the web application security context are the verbs to secure and to protect. But this headache is nothing compared to the one I get...
What is continuous web application security?

The term continuous security in the context of web application security is best understood when paired with the well-known terms continuous integration and continuous deployment (CI/CD). Continuous security means that security is part of a continuous process – DevSecOps or, even better, SecDevOps. The confusion around...
Iframe Security - Benjamin Daniel Mussler - PSW 709

Paul’s Security Weekly: Securing iframes using the sandbox attribute

Our Senior Security Researcher, Benjamin Daniel Mussler, has been invited to the Security Weekly podcast to talk about the security of iframes and, in particular, how to secure iframes using the sandbox attribute. Benjamin first talked about how traditional framesets have become completely obsolete but...
Debunking 5 cybersecurity posture myths

Small and medium businesses have it hard when it comes to cybersecurity posture. The cybersecurity gap hits them the hardest because most security experts would rather choose different work environments. Young information security enthusiasts are in high demand. However, instead of SMBs, they usually prefer to work...
OWASP Top 10 2021 – what’s new, what’s changed

The 2021 edition of the OWASP Top 10 is finally out*! Let’s have a look at what OWASP introduced/changed in their industry-standard checklist for web application security and let’s compare it with our predictions from last year for the OWASP Top 10 2021. Last but...
Should you shift left or not?

Shifting left is now a popular trend in information security. Does that mean that you should hop on the bandwagon and tear your hair out just to shift your security left? No, it does not. Actually, in most cases, if you blindly jump on this...