Category

Security Testing

It’s been just over one year since the European Union put into effect the General Data Protection Regulation (GDPR). Set up to establish rules for digital privacy and give consumers more control over their data, GDPR has been controversial because of the supposed burden it places on organizations in order to comply with the regulations. A new study conducted by security testing firm ImmuniWeb found that while companies have had ample time to get their sites and services up to date, many are…

In one of the episodes of Sherlock Holmes, Jim Moriarty orchestrated a simultaneous heist on the Tower of London, Bank of England, and Pentonville Prison with a single tap on his phone. Sherlock, in turn, tried to find the ‘master code’ that could open any locker anywhere in the whole wide world – a unique combination of ones and zeroes that bears the power to penetrate layers and layers of security. This was a fictional scenario, but it did raise a question, and a very important one at that: is our security system this…

How to Test Application Security – Web and Desktop Application Security Testing Techniques. The Need for Security Testing: The software industry has achieved solid recognition in this age. In the recent decade, however, the cyber-world seems to be an even more dominant and driving force, shaping new forms of almost every business. Web-based ERP systems used today are the best evidence that IT has revolutionized our beloved global village. These days,…

Security testing is becoming essential for every business. Undetected bugs and security vulnerabilities can lead to expensive consequences or even losses that businesses can’t recover from. Security issues are usually considered when developing web and SaaS solutions. However, security matters for each and every product, no matter what goals it serves and what technologies it uses. At Apriorit, we always include security testing in our quality assurance strategies. In this article, we focus on some…

Identity in a remote world has taken on added importance for cybersecurity leaders speaking in a webinar on the state of security and the evolving role of CISOs at VMworld 2020. “In the CISO community we’ve talked about the notion of ‘Your identity is your perimeter.’ This put an exclamation point on that,” said Jason Lee, CISO of Zoom, referring to the COVID-19 pandemic. “When I think of the scenario of how do I know…

One of the biggest risks with software security is the opaque nature of verification tools and processes, and the potential for false negatives not covered by a particular verification technique (e.g. automated dynamic testing). Despite many best practices around the secure Software Development Lifecycle (SDLC), most organizations tend to rely primarily on testing to build secure software. One of the most significant byproducts of current methods of testing is that organizations rarely understand what is being tested – and more…

The Online Trust Alliance (OTA) evaluated 13 “free” e-file tax sites recommended by the IRS against both their own rigorous standards and the IRS’s less stringent security measures. OTA categorized the sites into two groups: Honor Roll or Failed. Six sites, or 46% of those audited, failed OTA’s cybersecurity tests. One of the sites did not even meet the IRS’s own requirements. OTA audited the 13 e-file tax sites shown above between February 2 and February 18, 2016. The sites were…

As Maverick and Goose declared in the movie Top Gun, “I feel the need…the need for speed!” Speed is a defining characteristic of IT and app development these days. It used to just be desirable—now it’s a strategic imperative. The DevOps revolution has accelerated the software development lifecycle. Rapid deployment and frequent updates are the new norm. It’s important, however, not to let security fall victim to the quest for speed. That’s where companies like…

According to the independent security researchers at NSS Labs, Microsoft Edge is the best browser available when it comes to protecting Windows 10 users from phishing attempts and social engineering attacks. Or at least it’s better than the two most popular non-Microsoft browsers, Chrome and Firefox. that went live near the end of August this year. Each was subjected to the same set of more than 5,000 malware samples and nearly 1,000 phishing URLs, and…