In the past few years, the use of automation in many spheres of cybersecurity has increased dramatically, but penetration testing has remained stubbornly immune to it. While crowdsourced security has evolved as an alternative to penetration testing in the past 10 years, it’s not based on automation but simply throwing more humans at a problem (and in the process, creating its own set of weaknesses). Recently though, tools that can be used to automate penetration … More
Positive Technologies performed instrumental scanning of the network perimeter of selected corporate information systems. A total of 3,514 hosts were scanned, including network devices, servers, and workstations. The results show the presence of high-risk vulnerabilities at most companies. However, half of these vulnerabilities can be eliminated by installing the latest software updates. The research shows high-risk vulnerabilities at 84% of companies across finance, manufacturing, IT, retail, government, telecoms and advertising. One or more hosts with … More
The post Most companies have high-risk vulnerabilities on their network perimeter appeared first on Help Net Security.
The majority of applications contain at least one security flaw and fixing those flaws typically takes months, a Veracode report reveals. This year’s analysis of 130,000 applications found that it takes about six months for teams to close half the security flaws they find. The report also uncovered some best practices to significantly improve these fix rates. There are some factors that teams have a lot of control over, and those they have very little … More
The post 76% of applications have at least one security flaw appeared first on Help Net Security.
Mark Sangster, VP and Industry Security Strategist at eSentire, is a cybersecurity evangelist who has spent significant time researching and speaking to peripheral factors influencing the way that legal firms integrate cybersecurity into their day-to-day operations. In this interview, he discusses MDR services and the MDR market. What are the essential building blocks of a robust MDR service? Managed Detection and Response (MDR) must combine two elements. The first is an aperture that can collect … More
The post MDR service essentials: Market trends and what to look for appeared first on Help Net Security.
A new generation of fraud detection applications is about to eliminate the shortcomings of the current applications. Combatting fraud is an annoying and expensive hassle for everyone: Credit cardholders don’t want the bother of listening to Muzak at the 800 number of card issuers to report fraudulent charges and then having to change to a…
At its annual MAX conference, which is taking place online this week, Adobe introduced new features for Creative Cloud, with updates available for Fresco, Illustrator, Photoshop, XD and Lightroom.
The post Adobe announces Creative Cloud updates, and an iPad version of Illustrator first appeared on IT World Canada.
The COVID-19 pandemic has largely proven to be an accelerator of cloud adoption and extension and will continue to drive a faster conversion to cloud-centric IT. Global spending on cloud services to rise According to IDC, total global spending on cloud services, the hardware and software components underpinning cloud services, and the professional and managed services opportunities around cloud services will surpass $1 trillion in 2024 while sustaining a double-digit compound annual growth rate (CAGR) … More
The post Global spending on cloud services to surpass $1 trillion in 2024 appeared first on Help Net Security.
Vulnerability scanners can be a very useful addition to any development or operations process. Since a typical vulnerability scanner needs to detect vulnerabilities in deployed software, they are (generally) not dependent on the language or technology used for the application they are scanning. This often doesn’t make them the top choice for detecting a large number of vulnerabilities or even detecting fickle bugs or business logic issues, but makes them great and very common tools … More
The post Review: Netsparker Enterprise web application scanner appeared first on Help Net Security.
Graph databases and Field Programmable Gate Arrays (FPGA) can dramatically increase application performance by multiple orders of magnitude to respond to these high expectations and ever more demanding systems.
The post Need faster application performance? Here are some tips first appeared on IT World Canada.
Earlier this week SonicWall patched 11 vulnerabilities affecting its Network Security Appliance (NSA). Among those is CVE-2020-5135, a critical stack-based buffer overflow vulnerability in the appliances’ VPN Portal that could be exploited to cause denial of service and possibly remote code execution. About CVE-2020-5135 The SonicWall NSAs are next-generation firewall appliances, with a sandbox, an intrusion prevention system, SSL/TLS decryption and inspection capabilities, network-based malware protection, and VPN capabilities. CVE-2020-5135 was discovered by Nikita Abramov … More
The post Critical flaw in SonicWall’s firewalls patched, update quickly! (CVE-2020-5135) appeared first on Help Net Security.
Technology is moving at a breakneck pace and there is nothing to indicate it will ever slow down. With 90 per cent of new apps slated to be cloud native by 2025, companies are challenged to be resilient and agile enough to meet business and customer expectations. “This is a critical challenge,” says Jim Love,…
The PCI Secure Software Lifecycle (Secure SLC) Standard is part of the PCI Software Security Framework, which addresses security for software operating in payment environments. In this blog, we interview PCI Security Standards Council’s VP, Global Head of Programs, Gill Woodcock, about the Secure SLC Standard, what it is, and the value of adoption.