The Open Web Application Security Project (OWASP) Top 10 is a consensus list of the top web application security concerns, guiding testers and developers. The 2021 version includes new categories and relabelled items, providing a great resource for application security and audit/compliance. Leverage the OWASP Top 10 to spread awareness and make sure you don't miss out on anything.
This blog post defines GDPR Compliance for web application and API security, lists its potential technical and business impacts for the critical risks, explains how the Probely scanner can help with GDPR compliance and provides examples of what you can do right now to get started.
SAST has its place, DAST is great at finding the majority of flaws that the bad guys are going to uncover, and IAST offers unique approaches to complex situations. At a minimum, DAST should be your main focus. Step back and consider your application environment, your internal resources and expertise, as well as your budget.
As a Small Business owner, your security is probably not at the top of your to-do list. Even though we constantly see headlines of big breaches and corporations being targets of sophisticated attacks, small businesses that suffer from web-based attacks aren’t really prominent in the media. This might have you fall in a false sense of security.
The Probely team will, again, organize the security capture the flag (CTF) competitions on this edition of Pixels Camp. The CTF will take place at Pixels Camp, a 3 day non-stop tech event with talks, workshops and a 48 hour programming competition, held in Lisbon, Portugal, which had over 1000 attendees last year. Pixels Camp is organized by Bright Pixel, one of our investors.
Our CEO and Co-Founder Nuno Loureiro was recently interviewed by Safety Detectives. He talked about our history and goals when we decided to build Probely, and briefly explains what keeps Probely ahead of the competition.
One more year, one more bSidesLisbon, and therefore, one more CTF to be qualified. Being part of team Probely always makes me feel like the fat kid in the school’s football team. There’s a little difference this year, Bruno Barão was not on vacation, so everything would be easier
The fine British Airways are facing is related to a 2018 data breach that affected thousands of customers and compromised data from over 380,000 card payments. The fine was issued due to BA’s failure to comply with GDPR rules. Preventing the breach would not have only avoided the fine (obviously), but it would’ve prevented a much more costly outcome — thousands of dissatisfied customers that lost trust in the brand.
In this article, we propose how to create a modern and secure TLS setup, while maintaining adequate compatibility. Additionally, we provide ready-to-use Terraform examples for a Docker-based nginx reverse proxy setup, with TLS 1.3 support, and Let’s Encrypt automatic certificate renewal, for both Amazon Web Services and Google Cloud Platform.
Cryptojacking is the digital version of it — it’s when the hacker steals your computer’s resources and uses them to harvest cryptocurrency. Mining is only a viable business if the cost of the computing power and electricity required to operate and cool down your systems is significantly lower than the monetary gain you get from mining.
