What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Acunetix.webp 2022-06-27 06:00:12 Hackers: The third pillar of security (lien direct) Every business knows that to maintain security, you need the primary pillar: the right employees. Some businesses know that these employees also need the second pillar: the right tools such as Acunetix and Invicti. However, still, not enough businesses know how to deal with hackers... Read more Tool ★★★★
Acunetix.webp 2022-06-20 06:00:27 Red teaming – 5 tips on how to do it safely (lien direct) Red team vs blue team exercises are a very effective method to evaluate the security posture of your business. However, red teaming, due to its adversarial approach, carries certain risks that must be taken into consideration, both for the red team and the target business.... Read more
Acunetix.webp 2022-06-13 06:00:48 Threat modeling for web application security (lien direct) Threat modeling is an activity that helps you identify and mitigate threats. It's very important because it makes you look at security risks top-down, focus on decision-making and prioritize cybersecurity decisions, and consider how you can use your resources in the best possible way. There... Read more
Acunetix.webp 2022-06-06 07:32:58 Considerations for web application remediation testing (lien direct) It seems that most application security discussions revolve around initial vulnerability scanning and penetration testing. You've got to start somewhere. The thing is many people often stop at that point. Vulnerabilities are uncovered, results are passed along to developers, DevSecOps, or other technical staff, and... Read more Vulnerability
Acunetix.webp 2022-05-30 06:00:40 Penetration testing vs vulnerability scanning (lien direct) Businesses often perceive vulnerability scanning as an alternative to penetration testing. This perception is wrong. An organization conscious of cybersecurity must include both these activities in their business processes and make sure that they work in unison. Missing out on one of them greatly decreases... Read more Vulnerability
Acunetix.webp 2022-05-24 07:48:58 Acunetix releases IAST support for Jetty and WildFly Java servers as well as Servlet 3 and Jersey Java frameworks (lien direct) A new Acunetix Premium update has been released for Windows, Linux, and macOS: 14.8.220519149. This Acunetix release introduces support for Jetty and WildFly, allowing the Java IAST sensor (AcuSensor) to be used with these Java servers. In addition, the Java IAST sensor has been updated... Read more
Acunetix.webp 2022-05-23 06:00:11 What is DevSecOps and how should it work? (lien direct) DevSecOps stands for development, security, and operations. Similar to DevOps or SecOps, it is a concept that joins two previously separate roles into a unified environment. DevSecOps teams are responsible for providing conditions for continuous secure software development. Being a newer concept than DevOps, DevSecOps... Read more
Acunetix.webp 2022-05-16 06:00:01 Four ways to combat the cybersecurity skills gap (lien direct) The lack of cybersecurity talent is nothing new. It's a problem that all businesses have been facing for several years and it's getting worse. There have been many proposals on how to narrow the gap, but so far all efforts have been futile. Let's have... Read more
Acunetix.webp 2022-05-09 07:39:23 Four ways AppSec analytics help your DevSecOps pros work smarter, not harder (lien direct) What's in a number? For DevSecOps professionals, the answer is “a lot.” Analytics in application security (AppSec) hold immense power, helping teams decide where to focus their priorities and pick up on patterns that uncover knowledge gaps. Reporting with clear analytics helps set standards for... Read more
Acunetix.webp 2022-05-03 08:22:58 Acunetix by Invicti exhibiting at RSA Conference 2022 (lien direct) We're thrilled to once again be exhibiting at the RSA Conference from June 6-9 in San Francisco. This event is undoubtedly one of the largest in the industry, convening thousands of innovators in cybersecurity from around the world to share perspectives that spark new ideas. This year's... Read more
Acunetix.webp 2022-04-25 06:00:45 How to build a cyber incident response plan (lien direct) No matter how well you manage your security posture, there is always a chance that you will become a victim of a cyber attack. That is why every organization, no matter the size, should be prepared to react to a cyber incident. The key element... Read more
Acunetix.webp 2022-04-11 06:00:24 DevSecOps: How to get there from DevOps (lien direct) DevSecOps is a practice that merges the work done by development (Dev), security (Sec), and IT operations teams (Ops) to deliver the most efficient and effective software development practices. But why is it still so rare? Let us take a look at the difficulties of... Read more
Acunetix.webp 2022-04-05 14:18:29 Invicti's Spring 2022 AppSec Indicator highlights unrelenting direct-impact flaws (lien direct) The spring 2022 edition of the Invicti AppSec Indicator has arrived hot off the presses, and it underscores some alarming trends for severe web vulnerabilities. The data shows that direct-impact flaws are still showing up in customer scan results at alarming rates. Worse still, these... Read more
Acunetix.webp 2022-04-01 10:39:53 Critical alert – Spring4Shell RCE (CVE-2022-22965 in Spring) (lien direct) On March 31, 2022, a serious zero-day vulnerability was discovered in the Spring framework core, which is an open-source framework for building enterprise Java applications. The vulnerability, dubbed Spring4Shell (similar to Log4Shell) or Springshell, was identified as CVE-2022-22965 (at the time of writing, not yet... Read more Vulnerability
Acunetix.webp 2022-03-21 06:00:31 Common password vulnerabilities and how to avoid them (lien direct) Weak passwords and password reuse are still some of the most serious concerns for cybersecurity. There are several ways to increase password security but they are often not adopted by users and administrators. Here's how you can make sure that sensitive data in your web... Read more
Acunetix.webp 2022-03-14 08:54:29 How often should you test your critical web applications? (lien direct) When it comes to web application security, the concern is not whether you should test but, rather, how often you should test. Many people scan for web vulnerabilities using dedicated vulnerability scanners and perform manual analysis/penetration testing once per year. Some people do it once... Read more Vulnerability
Acunetix.webp 2022-03-07 08:09:54 Trends that underscore the seriousness of the cybersecurity skill gap (lien direct) It is no secret that there's a glaring skills gap in cybersecurity. Learn more about the trends impacting AppSec success and the steps that can help bridge gaps in DevSecOps workflows. Under pressure to innovate, development outpaces security Picture this: a time-strapped engineer chasing a... Read more
Acunetix.webp 2022-03-01 15:53:39 Acunetix introduces IAST updates improving vulnerability and misconfiguration detection as well as scan coverage (lien direct) A new Acunetix Premium update has been released for Windows, Linux, and macOS: 14.7.220228146 This Acunetix release introduces multiple IAST updates that will help detect several high severity vulnerabilities, provide full coverage for the newly supported web frameworks, and improve the detection of server-side misconfigurations.... Read more Vulnerability
Acunetix.webp 2022-02-28 06:00:58 DevSecOps vs. SecDevOps (lien direct) DevSecOps is a relatively new approach to continuous software development processes in agile environments. It is an extension of DevOps (Development + Operations) that includes the automation of security. The order of component terms in the DevSecOps name, however, may lead to incorrect application security approaches. That... Read more Guideline
Acunetix.webp 2022-02-22 14:59:16 The cutting-edge conundrum: Why federal agencies can't compromise on security (lien direct) 2021 was a banner year for cyberattacks, with reported breaches increasing by 68 percent. The record-breaking number of 1,862 data breaches put previous years to shame, especially considering industry-rocking incidents like Log4Shell, which had most organizations in the public and private sectors scrambling to secure... Read more ★★
Acunetix.webp 2022-02-14 08:04:52 AppSec best practices for security that sticks (lien direct) New year, new AppSec program. Just like any good resolution, AppSec that makes a lasting impact is one you have to stick to, fine-tune, and hold yourself accountable for. AppSec programs act like bumpers in a bowling lane and help keep you on track, but... Read more ★★★★★
Acunetix.webp 2022-02-03 07:00:32 What is server-side request forgery (SSRF)? (lien direct) Server-side request forgery (SSRF) is the only type of vulnerability that has its own category in the OWASP Top 10 2021 list. Several major cybersecurity breaches in recent years, including Capital One and MS Exchange attacks, involved the use of SSRF as one of the break-in techniques. SSRF... Read more Vulnerability ★★★
Acunetix.webp 2022-01-28 09:17:42 Zero trust countdown: New OMB memo stresses urgency for modern AppSec (lien direct) The White House is following up with a new cybersecurity directive to further improve the security posture for federal agencies. The memo strongly encourages the adoption of zero trust architecture as a way to ensure that, in the process of securing their software landscape, federal... Read more ★★★★
Acunetix.webp 2022-01-27 15:36:45 The importance of testing “less critical” web systems (lien direct) When it comes to security oversight, I'm a big proponent of focusing on the things that matter. These are your highest payoff areas – otherwise known as your most urgent vulnerabilities on your most important systems. I learned this concept while studying time management and... Read more
Acunetix.webp 2022-01-21 15:07:17 Lessons from the Log4j crisis: Are we ready for the next global vulnerability? (lien direct) It was an unwelcome early Christmas gift shared with the entire world on December 9th, 2021. Log4Shell rocked the industry when we realized just how dangerous and far-reaching its effects could be. The mad scramble to find and patch the flaw left many organizations wondering... Read more
Acunetix.webp 2022-01-20 21:00:39 What to know about Biden's latest cybersecurity memorandum (lien direct) Building on his administration's historic cybersecurity executive order, President Joe Biden yesterday signed a new National Security memorandum (NSM) designed to further improve security across the Department of Defense, intelligence community, and national security systems. The memo lays out concrete requirements around the technology required... Read more
Acunetix.webp 2022-01-18 16:05:29 Facing DevSecOps hurdles, federal agencies need a modern approach to security (lien direct) Cybersecurity is no longer a nice-to-have. It's an imperative for organizations that create, distribute, and manage software every day – especially true for federal agencies as the government moves away from legacy technology in the race to improve user experience and shift to the cloud... Read more
Acunetix.webp 2022-01-17 06:28:29 7 reasons why development teams skip security steps (lien direct) The Fall 2021 Invicti AppSec Indicator has made us aware of an incredibly high percentage of development teams that have admitted to skipping security steps. There is a 70% chance that this happens in your business, leaving your web applications exposed to malicious hacker attacks.... Read more
Acunetix.webp 2022-01-10 15:54:33 FTC words of warning: Remediate recent Log4j vulnerabilities or face consequences (lien direct) In an unusual and noteworthy move, the Federal Trade Commission (FTC) issued an early warning to companies that haven't yet patched recent Log4j vulnerabilities: remediate or risk legal and financial consequences. As noted by the FTC, the recent Log4j vulnerabilities are still being actively exploited... Read more
Acunetix.webp 2021-12-27 08:10:10 2021 – the year in review (lien direct) As 2021 comes to an end, it is time to sum up the year to see what it meant for Acunetix, Invicti, and the web application security industry. The rise of Invicti 2021 was the year when Acunetix became a brand of Invicti Security. The... Read more
Acunetix.webp 2021-12-23 14:56:16 Log4j vulnerability resource center (lien direct) Watch this space for the latest news and resources from Invicti on the Log4j crisis. Product update All Netsparker and Acunetix products now detect the CVE-2021-44228 Log4j-related vulnerability (known as Log4Shell or LogJam). More in our official statement. Our perspective Invicti President and COO Mark... Read more Vulnerability
Acunetix.webp 2021-12-22 11:46:50 Acunetix releases multiple updates to detect Log4j vulnerabilities (lien direct) Over the past week, we have been busy updating Acunetix to detect Log4j vulnerabilities that have been making the headlines. Acunetix is detecting the CVE-2021-44228 vulnerability (Log4Shell) as an out-of-band vulnerability using the AcuMonitor service. In addition, the AcuMonitor service and Acunetix have been updated... Read more Vulnerability
Acunetix.webp 2021-12-21 16:13:29 Log4Shell: A forcing function to adopt long-overdue continuous security (lien direct) Like other unexpected exploits and big-time breaches, the recent Log4j discovery reminded us that serious threats can seemingly come out of nowhere and create significant new risk. It is another stark reminder that, despite the frequent occurrence of security breaches, many organizations are not adequately... Read more
Acunetix.webp 2021-12-20 08:16:00 Five fundamental tips for getting executive buy-in on AppSec (lien direct) The need for effective cybersecurity programs has never been more apparent. By October of 2021, the number of data breaches leapfrogged the total from 2020 by 17%, and 2021 saw the highest average data breach cost in 17 years ($4.24 million, in fact). Yet, for... Read more Data Breach
Acunetix.webp 2021-12-13 17:30:30 Critical alert – Log4Shell (CVE-2021-44228 in Log4j) – possibly the biggest impact vulnerability ever (lien direct) On December 10, 2021, a serious vulnerability was discovered in the Apache Log4j framework, which is commonly used by most Java installations. The vulnerability, dubbed Log4Shell or LogJam, was identified in the NVD as CVE-2021-44228 and, to quote one of Acunetix original creators and primary... Read more Vulnerability
Acunetix.webp 2021-12-09 08:25:44 How Acunetix addresses HTTP/2 vulnerabilities (lien direct) In the latest release of Acunetix, we added support for the HTTP/2 protocol and introduced several checks specific to the vulnerabilities associated with this protocol. For example, we introduced checks for misrouting, server-side request forgery (SSRF), and web cache poisoning. In this article, we'd like... Read more
Acunetix.webp 2021-12-07 14:56:54 Acunetix introduces support for the detection of HTTP/2 vulnerabilities and improves handling of Laravel CSRF tokens (lien direct) A new Acunetix Premium update has been released for Windows, Linux, and macOS: 14.6.211207099. This Acunetix release introduces support for the detection of HTTP/2 vulnerabilities. HTTP/2 is an upgrade to the HTTP protocol and is used more and more frequently. It does however introduce a... Read more
Acunetix.webp 2021-12-02 08:19:50 The false sense of security in the cloud (lien direct) Businesses like yours have different reasons to move to the cloud. Some do it primarily to save on hardware. Others go further and outsource services to reduce the need for their own resources. Those who want to outsource administration and related services often believe that... Read more
Acunetix.webp 2021-11-29 06:00:10 Secure coding practices – the three key principles (lien direct) All security vulnerabilities are the result of human error. Most web application vulnerabilities and API security issues are introduced by developers. Therefore, the best approach to building secure applications is to do all that is possible to avoid introducing such errors in the first place instead of... Read more
Acunetix.webp 2021-11-25 07:53:56 Shifting left with Acunetix Premium and GitHub (lien direct) To develop an application, you usually perform multiple iterations of the following activities: Commit the source code to implement a new or changed feature or a bug fix Build the solution Deploy a test environment containing the solution Run QA tests against the test environment... Read more
Acunetix.webp 2021-11-22 07:53:43 Code security is not enough! (lien direct) Recently, I came across an article that referred to web application security as code security and I hope it was just a slip of the tongue. If you really think web application security is the same as code security, you are leaving a gaping hole... Read more
Acunetix.webp 2021-11-18 06:00:26 What is website security – how to protect your website from hacking (lien direct) You protect your every office computer with an antivirus. You install firewalls to prevent unwanted access to your network. But what do you do to secure your website? And what can happen if it's not secured? This article is aimed at website owners that are... Read more
Acunetix.webp 2021-11-15 07:43:50 You are the only one who can secure and protect your web applications (lien direct) Security-related vocabulary includes a lot of words with imprecise meanings. Two such terms that give me a headache when used in the web application security context are the verbs to secure and to protect. But this headache is nothing compared to the one I get... Read more
Acunetix.webp 2021-11-11 12:04:28 What government agencies need to know about CISA's new Binding Operational Directive (lien direct) The Cybersecurity and Infrastructure Security Agency (CISA) is reinforcing the nation's cybersecurity efforts by announcing a new Binding Operational Directive (BOD) related to common vulnerabilities and exposures. Also referred to as CVEs, these publicly disclosed flaws in software open doors that attackers are able to... Read more
Acunetix.webp 2021-11-08 07:25:36 Make your users part of the web security solution (lien direct) Around the world today, we're seeing instances of people being either part of the solution or part of the problem. In the context of information security, it seems we mostly witness people being part of the problem. But there's often little discussion about people being... Read more ★★
Acunetix.webp 2021-11-04 12:20:56 Webcast Recap: Unlocking your AppSec future (lien direct) There's a progress problem in application security (AppSec). According to Cloud Security Alliance, the number of global web apps doubled in the last five years from 863 million in 2015 to 1.9 billion in 2020. Yet at the same time, developers and security practitioners are... Read more
Acunetix.webp 2021-11-01 08:20:31 What is continuous web application security? (lien direct) The term continuous security in the context of web application security is best understood when paired with well-known terms continuous integration and continuous deployment (CI/CD). Continuous security means that security is part of a continuous process – DevSecOps or, even better, SecDevOps. The confusion around... Read more
Acunetix.webp 2021-10-28 13:43:14 FISMA Update: What's changing and why it matters (lien direct) In early October, the Homeland Security and Governmental Affairs Committee announced bipartisan legislation that's set to make waves in federal civilian cybersecurity. This move to overhaul the Federal Information Security Management Act (FISMA) from 2014 is especially notable as the government became the most targeted... Read more
Acunetix.webp 2021-10-26 07:19:16 New Industry Study: 70% Of Teams Skip Security Steps (lien direct) Hot off the presses, the Fall 2021 Invicti AppSec Indicator is shedding light on the state of web application security (AppSec), including areas for improvement to speed up software innovation. The report, created in partnership with Wakefield Research, surveyed 600 individuals in security, development, and... Read more
Acunetix.webp 2021-10-21 07:48:59 Deploying AcuSensor for PHP – AWS Elastic Beanstalk (lien direct) AWS Elastic Beanstalk allows you to deploy a web application that can scale to match end-user demand. This simple example will demonstrate how you can deploy AcuSensor together with your web application into AWS Elastic Beanstalk. Step 1. Create your target in Acunetix For this... Read more
Last update at: 2024-05-08 09:07:55