One of the biggest challenges when it comes to embracing the development of Single-Page Apps is security testing. SPA security testing can’t just be about crawling the frontend URLs and using spiders like in traditional security testing. So how can you make sure you're properly testing your SPAs?
There will always be a natural tension between cybersecurity teams and developers. After all, it's the developer's role to "develop." They want and are paid to create and ship new applications and features that help move the organization forward. It's the role of security, however, to make sure bad things don't happen when new software is deployed, such as suffering from a data breach or the loss of availability of business services due to vulnerable software.
Probely offers a streamlined approach to setting up and performing comprehensive scans on targets protected with 2FA without compromising the robust protection that 2FA offers to your websites and applications.
API security should not be viewed as a luxury, but rather as a requirement. As APIs have become indispensable for modern applications and services in our increasingly interconnected digital landscape, they need safeguards shielding them against the numerous threats and malicious actors of the digital world.
Who owns the responsibility of the software development lifecycle (SDLC) in your business? It’s easy to assume, through a traditional lens, that the CEO and/or Board of Directors might ultimately be responsible for what takes place throughout the SDLC
For some time now, public companies in the United States have been on notice that the Securities and Exchange Commission (SEC) is tightening down on the reporting of security incidents. Now that the compliance deadlines are here, it seems a bit more real. As a complement to my recent webinar "SEC Cybersecurity Ruling: Application security + incident response", this piece serves as a recap and a checklist on what businesses – both public and private – need to be focusing on now that the SEC disclosure rules are here.
Back in 2021, Google launched, alongside other organisations, a new security baseline for products known as the Minimum Viable Secure Product. Now, 2 years later, they've released an update to that standard.
The Security Headers grading criteria don't change often, but when they do, there's a good reason behind the change. In this blog, I will outline the new grading criteria and the reasons why we've made the change.
In the world of cyber security, knowledge is power, and Security Headers has been a trusted ally for web developers around the world for years. For the first time ever, thanks to the support of our partnership with Probely, we’re going to delve into the treasure trove of historic scan data and explore the insights it can provide.
Let’s take a look at my big takeaways from this year’s event and what I’ve learned. Beyond great briefings and learning from those around me, events like Black Hat are also a great opportunity to make and develop connections. We had countless members of the security community stop by our booth for a selfie and some swag, we attended countless social events and even hosted our own!