The Open Web Application Security Project (OWASP) Top 10 is a consensus list of the top web application security concerns, guiding testers and developers. The 2021 version includes new categories and relabelled items, providing a great resource for application security and audit/compliance. Leverage the OWASP Top 10 to spread awareness and make sure you don't miss out on anything.
This blog post defines GDPR Compliance for web application and API security, lists its potential technical and business impacts for the critical risks, explains how the Probely scanner can help with GDPR compliance and provides examples of what you can do right now to get started.
As a Small Business owner, your security is probably not at the top of your to-do list. Even though we constantly see headlines of big breaches and corporations being targets of sophisticated attacks, small businesses that suffer from web-based attacks aren’t really prominent in the media. This might have you fall in a false sense of security.
The Probely team will, again, organize the security capture the flag (CTF) competitions on this edition of Pixels Camp. The CTF will take place at Pixels Camp, a 3 day non-stop tech event with talks, workshops and a 48 hour programming competition, held in Lisbon, Portugal, which had over 1000 attendees last year. Pixels Camp is organized by Bright Pixel, one of our investors.
SAST has its place, DAST is great at finding the majority of flaws that the bad guys are going to uncover, and IAST offers unique approaches to complex situations. At a minimum, DAST should be your main focus. Step back and consider your application environment, your internal resources and expertise, as well as your budget.
When every security flaw is deemed important, it creates chaos at the business level. In the short term, precious resources are wasted addressing such findings. Longer-term, these things add up to create true dysfunction in an overall security program which, ironically, makes the organization more susceptible to the risks that matter.
Depending on the target's nature, you may want to prevent scans from running at certain times. For instance, when you don't want scans to affect your team's productivity during working hours or when you want to guarantee that your website can handle all customer requests during peak hours. With Probely, you can pause and resume scans later, both on-demand and automatically.
This blog post describes our partnership with the OLX Group that enabled them to use Probely’s API driven security scanner to secure their customer data and facilitate creativity. Probely integrated quickly with their in-house solution Dalek and provided evidence of vulnerabilities with no false positives.
Understand how to use Teams to mimic your company’s structure better and address its needs. Please note that this feature is only available for Probely Plus. Teams provide a way for you to group Users, API keys, and Targets in one place so that managing them becomes easier and time-efficient. You can create multiple teams for one account. Teams act as independent units/groups and help you separate and assign targets for each team, limit the number of targets, set scopes, and user roles. One user can be added to different teams and assigned roles that don’t affect one another, such as an admin, developer, or a custom role.