Join our subscribers
Resources
Continuous Integration/Continuous Deployment (CI/CD) is an automated software development practice where code changes are frequently integrated into a shared repository, automatically tested, and reliably deployed to production, enabling rapid and efficient software delivery.
DAST is a security test that scans a running application from the outside, mimicking a hacker to find runtime vulnerabilities like SQL Injection and Cross-Site Scripting.
DevSecOps is a cultural and technical methodology that seamlessly integrates security practices, tools, and shared responsibility into the entire DevOps workflow, from code development through to deployment and operations, to ensure continuous and collaborative delivery of secure software.
IAST is a security testing method that uses agents embedded within a running application to analyze code, data flow, and execution in real-time during automated tests or normal operation to accurately identify and pinpoint vulnerabilities.
Mobile Application Security Testing (MAST) is a specialized security process that combines static analysis, dynamic analysis, and behavioral testing to identify and remediate vulnerabilities unique to mobile apps, addressing risks from insecure data storage, third-party libraries, and the inherent threats of the mobile environment.
Static Application Security Testing (SAST) is a testing methodology that analyzes an application's source code at rest to identify security vulnerabilities early in the development lifecycle.
A Software Bill of Materials (SBOM) is a formal, machine-readable inventory that identifies and lists the components, libraries, and dependencies used in a software application, providing transparency into its supply chain for security, compliance, and management purposes.
Software Composition Analysis (SCA) is a security methodology that automatically identifies and analyzes the open-source and third-party components within a software project to manage security vulnerabilities, license compliance, and operational risks associated with the software supply chain.
A Secure Software Development Life Cycle (S-SDLC) is a holistic framework that integrates security practices and considerations into every phase of the software development process, from initial design and coding to testing, deployment, and maintenance, to proactively build security into applications rather than addressing it as an afterthought.
Cyber security threats are becoming more spread today. With growing big data and rapidly developing cloud services, the question of cyber protection can no longer be ignored. Neither by organizations, nor by individuals.
Breach Attack Simulation or BAS is a new word in cybersecurity but is rapidly gaining in popularity and already proved its effectiveness. Here we explain what it is, its features, and benefits.
303.1 KB ISO 27001 is an internationally recognized information security standard that provides a framework for organizations to establish, implement, maintain, and continually improve their information security management system (ISMS). It helps organizations protect their sensitive information from threats like unauthorized access, disclosure, modification, or destruction.
302.9 KB ISO 27002 is a widely recognized international standard that provides a set of best practices for implementing information security controls. It serves as a practical guide for organizations to implement the requirements of ISO 27001, the overarching standard for information security management systems (ISMS).
300.7 KB MAS stands for the Monetary Authority of Singapore, which is the central bank and financial regulator of Singapore. MAS compliance refers to adherence to the regulations and guidelines set forth by MAS for financial institutions operating in Singapore.
299.3 KB PCI DSS stands for Payment Card Industry Data Security Standard. It is a set of security requirements designed to protect cardholder data from unauthorized access, theft, and fraud. This standard is mandated by major credit card companies like Visa, Mastercard, American Express, Discover, and JCB.
302.9 KB Sarbanes-Oxley Act (SOX) is a U.S. federal law designed to improve the accuracy of financial reporting of publicly traded companies. It was enacted in response to a series of corporate scandals, most notably those involving Enron and WorldCom.
303.4 KB CISA (Certified Information Systems Auditor) is a professional certification offered by ISACA (Information Systems Audit and Control Association). While not a legal requirement like SOX, CISA certification is often sought by IT professionals involved in auditing and control.
290.7 KB COPPA (Children's Online Privacy Protection Act) is a U.S. federal law that sets rules for websites and online services that collect personal information from children under the age of 13. It requires website operators to obtain parental consent before collecting, using, or disclosing a child's personal information.
294.0 KB ECPA (Electronic Communications Privacy Act) is a U.S. federal law that protects the privacy of electronic communications, including emails, phone calls, and text messages. It sets rules for government and private entities regarding the interception, access, and disclosure of electronic communications
291.5 KB CFAA (Computer Fraud and Abuse Act) is a U.S. federal law that prohibits unauthorized access to computer systems, networks, and data. It is designed to protect the integrity and security of computer systems and data.
306.4 KB DFARS (Defense Federal Acquisition Regulations Supplement) is a set of regulations that govern the acquisition of goods and services by the U.S. Department of Defense. It includes specific requirements related to the protection of national security information.
293.1 KB NYDFS stands for the New York Department of Financial Services. Its cybersecurity regulation, 23 NYCRR Part 500, is a significant compliance requirement for financial institutions operating in New York State. This regulation aims to protect consumers and ensure the safety and soundness of the state's financial services industry.
312.5 KB FISMA (Federal Information Security Modernization Act) is a US federal law that mandates federal agencies to develop, document, and implement an information security program. It's designed to protect government information, operations, and assets from threats.
181.7 KB FCRA stands for the Fair Credit Reporting Act. This U.S. federal law regulates the collection, use, and dissemination of consumer credit information. It aims to ensure fairness, accuracy, and privacy in the credit reporting industry.
187.0 KB FACTA (Foreign Account Tax Compliance Act) has significantly reshaped the global financial landscape. Let's delve deeper into specific aspects of FATCA compliance.
295.8 KB California Consumer Privacy Act (CCPA) is a landmark piece of legislation that grants California residents significant new rights regarding their personal information. It has far-reaching implications for businesses that operate in California or collect data from California residents.
186.3 KB POPIA stands for the Protection of Personal Information Act. It is South Africa's comprehensive data protection law designed to protect the personal information of individuals.
187.3 KB LGPD stands for Lei Geral de Proteção de Dados Pessoais, or General Data Protection Law in English. It is Brazil's comprehensive data protection law designed to safeguard the personal information of individuals.
188.2 KB HITECH stands for the Health Information Technology for Economic and Clinical Health Act. It was enacted in 2009 as part of the American Recovery and Reinvestment Act (ARRA) to promote the adoption and meaningful use of electronic health records (EHRs).
191.0 KB HIPAA stands for the Health Insurance Portability and Accountability Act. It is a U.S. law that sets national standards for protecting sensitive patient health information (PHI).
186.7 KB FTCA stands for the Federal Tort Claims Act. It is a U.S. federal law that gives civilians the right to sue the federal government for damages caused by the negligence of federal employees.
308.9 KB The General Data Protection Regulation (GDPR) is a comprehensive data protection law that gives individuals greater control over their personal data and imposes strict obligations on organizations that collect and process personal data of EU residents.
291.7 KB GLBA, or the Gramm-Leach-Bliley Act, is a U.S. federal law that regulates how financial institutions handle sensitive customer information. Its primary goal is to protect consumers' private financial data.
297.0 KB NIST SP 800-171 is a set of security standards developed by the National Institute of Standards and Technology (NIST) to protect Controlled Unclassified Information (CUI) in non-federal systems and organizations. This standard is mandatory for contractors and subcontractors working with the U.S. Department of Defense (DoD) who handle CUI.
291.2 KB Singapore PDPA stands for Personal Data Protection Act. It's a law designed to protect the personal data of individuals. This means organizations handling personal information must adhere to specific rules and regulations to ensure data privacy and security.
185.0 KB The Personal Data (Privacy) Ordinance (PDPO) is Hong Kong's primary law governing the collection, use, and disclosure of personal data. It applies to both private and public sector organizations.
249.7 KB Vulnerability Management, Detection & Response (VMDR) is a comprehensive cybersecurity framework that addresses the entire lifecycle of vulnerabilities within an organization's IT systems.
261.7 KB Vulnerability Management as a Service (VMaaS) is a cloud-based solution that outsources the tasks and processes involved in managing vulnerabilities.
254.8 KB Unified Threat Management (UTM) is an approach to network security that combines multiple security functionalities into a single appliance or software solution.
226.4 KB Third-Party Cyber Risk Management (TPCRM) focuses on identifying, assessing, and mitigating cybersecurity risks associated with an organization's third-party vendors, partners, and suppliers.
232.0 KB Security Orchestration, Automation and Response (SOAR) is a technology and process designed to streamline and improve an organization's cybersecurity posture.
205.5 KB Enter SaaS Security Posture Management (SSPM), a powerful solution for securing your SaaS environment.
214.5 KB Enter SaaS Security Posture Management (SSPM), a powerful solution for securing your SaaS environment.
233.8 KB Managed Detection and Response (MDR) is a cybersecurity service that combines technology and human expertise to continuously monitor, detect, and respond to cyber threats within an organization's network.
237.5 KB Intrusion Detection Systems (IDS) are network security devices or software applications that continuously monitor traffic flowing across a computer network for suspicious activities or violations of security policies.
233.3 KB Governance, Risk and Compliance (GRC) refers to a framework for an organization to effectively achieve its objectives, address uncertainty (risk), and act within the law and internal policies.
236.6 KB Fraud Prevention and Transaction Security (FPTS) refers to a comprehensive set of strategies and technologies employed to safeguard financial transactions and data from fraudsters.
245.0 KB Extended detection and response (XDR) provides a more comprehensive approach to threat detection and response by collecting and analyzing data from a wider range of sources across your network.
235.8 KB Enterprise Risk Management (ERM) is a strategic approach that helps organizations identify, assess, prioritize, and mitigate potential risks across the entire business.
237.8 KB Endpoint Protection Platforms (EPP) are a cornerstone defense mechanism in the cybersecurity realm.
227.2 KB Endpoint Detection and Response (EDR) is a cybersecurity technology designed to continuously monitor endpoints (devices like laptops, desktops, servers, and mobile phones) within a network to identify and respond to malicious cyber threats.
212.4 KB Data Security Posture Management (DSPM) is a relatively new approach to securing an organization's sensitive data.
212.9 KB Cyber Security Asset Management (CSAM) emerges as a critical practice to safeguard network assets and minimize vulnerabilities.
248.7 KB Cybersecurity-as-a-Service (CaaS) is a solution where an external vendor manages an organization's cybersecurity needs on a subscription basis, similar to how you might subscribe to a cloud storage service.
225.8 KB Continuous Threat Exposure Management (CTEM) is a strategic approach to cybersecurity that focuses on constantly monitoring and managing an organization's vulnerability to threats.
235.5 KB Continuous Detection Posture Management (CDPM) is a practice within cybersecurity that involves continuously monitoring an organization's security posture to identify and address any gaps in its ability to detect and respond to cyberattacks.
216.8 KB Cloud Threat Detection Investigation & Response (TDIR) is a cybersecurity framework designed to identify, investigate, and neutralize threats within a cloud environment.
229.1 KB Breach and Attack Simulation (BAS) is a proactive cybersecurity approach that utilizes automated tools to continuously simulate real-world cyberattacks against an organization's IT infrastructure.
269.1 KB Application Security Posture Management (ASPM) is a comprehensive approach to securing your organization's applications.
249.2 KB Advanced Persistent Threats (APTs) are sophisticated cyberattacks that pose a significant challenge to organizations.
Cybersecurity compliance refers to following a set of rules and regulations designed to protect information and data from cyber threats.
Automated red teaming (ART), also known as continuous automated red teaming (CART), is a proactive cybersecurity approach that leverages automation to simulate real-world cyberattacks against an organization's systems, constantly.
A breach and attack simulation (BAS) is a proactive cybersecurity method that uses software to simulate real-world cyberattacks on a company's computer systems and network.
Web Security Scanning is a process that automatically identifies and prioritizes security vulnerabilities in web applications and websites.
Web penetration testing, also known as a pen test, is a simulated cyberattack against your computer system to check for exploitable vulnerabilities.
Third-party risk management (TPRM) is the process of identifying, assessing, and mitigating the risks associated with working with third parties, such as vendors, suppliers, contractors, and other business partners.
Software Composition Analysis (SCA) is a process that enables organizations to identify, manage, and secure the open-source software (OSS) components used in their applications.
Red teaming is a security testing methodology that simulates real-world cyberattacks to evaluate an organization's cybersecurity posture.
Phishing Website Takedown is the process of removing a malicious website that is designed to trick people into entering sensitive information, such as their passwords or financial details.
A PCI DSS penetration test, also known as a PCI compliance assessment, is a simulated attack on an organization's systems to identify and assess any vulnerabilities.
Network security assessment is an evaluation of a computer network's security posture to identify vulnerabilities and weaknesses.
Mobile security scanning is a crucial aspect of ensuring the integrity and safety of mobile applications.
Mobile penetration testing, also known as mobile app security testing or mobile pentesting, is a security assessment that aims to identify and exploit vulnerabilities in mobile applications.
Penetration testing (pentesting) for the General Data Protection Regulation (GDPR) helps organizations assess and improve their data security posture to comply with the stringent requirements of the GDPR.
Digital Brand Protection is a comprehensive strategy that organizations employ to safeguard their brand's reputation,
intellectual property, and online presence from various threats and unauthorized uses.
Cyber Threat Intelligence (CTI) is information that helps organizations understand, predict, and defend against cyber threats.
Continuous Penetration Testing (CPT) is a cybersecurity methodology that involves regularly testing an organization's systems and applications for vulnerabilities.
Cloud Security Posture Management (CSPM) is a cybersecurity strategy that focuses on identifying and remediating security risks in cloud environments.
Cloud penetration testing is a simulated attack on a cloud-based environment to identify and assess its security vulnerabilities.
API security testing is a crucial aspect of ensuring that application programming interfaces (APIs) are safe and protected from vulnerabilities and attacks.
API penetration testing is a type of security assessment that involves simulating real-world attacks on an application programming interface (API) to identify and assess vulnerabilities.
Attack Surface Management (ASM) is composed of continuous discovery, inventory, classification, prioritization and security monitoring of external digital assets that contain, transmit or process your corporate data.
Dark Web monitoring enables organizations to stay ahead of cybercriminals with proactive intelligence on data breaches impacting their internal systems and trusted third-parties, to timely respond to phishing, fraud, Business Email Compromise (BEC) attacks and Intellectual Property infringements.
Modern-day application penetration testing (or pentesting) spans from traditional web and mobile app penetration testing to emerging IoT and blockchain penetration testing.
Automated penetration testing services and SaaS solutions incrementally substitute traditional human-driven penetration testing, providing greater scalability, efficiency and effectiveness with DevSecOps integrations if implemented and conducted correctly.
Supply Chain Security is gaining in importance as the risks of attacks across the supply chains grow every year. Learn about the solutions that supply chain security can provide.
Domain squatting and phishing have become very popular in recent years, so it's worth learning how to protect yourself from this.
Today, the development of control means over the ever-increasing attack surface due to the growth in the number of endpoints has become a vital necessity. Extended Detection and Response (XDR) technology has become one of the effective solutions.
Recently, there have been more and more reports of companies and users affected by ransomware attacks. Learn more about how to protect from ransomware both your company and yourself.
Docker is a great thing and can save you tons of time and effort. Learn how to use Docker as securely as possible and catch potential threats ahead of time to ensure Docker container security.
Cyber threat intelligence in 2020 once again showed how cybercriminals are able to adapt at lightning speed to current news, so the topic of cyber security gains more popularity and significance.
The ability to work remotely increases the productivity and motivation of employees, but poses new challenges for companies related to information security. What to watch out for and what rules to follow to ensure Work From Home (WFH) Security.
Bring Your Own Device (BYOD) is the concept when employees use their own personal devices in the company's network. This practice is becoming more common in business, while simultaneously bringing new threats to digital security.
About 90% of applications have serious vulnerabilities. OWASP, which regularly analyzes weaknesses and attacks on Web applications, has compiled OWASP TOP-10 - the list of the most dangerous vulnerabilities.
Is it possible to know how vulnerable your project is? It is worth use some of the spread open source penetration testing instruments that are widely used by white hackers around the world, as they assist to figure out holes in safety and fix them in timely manner.
IT security companies often hire trusted white-hat penetration testing hackers to look for weaknesses in the information system for attacks that could be exploited. Pentest as a Service is a cloud service to perform such kind of analysis.
AWS is the largest cloud infrastructure company in the world. At the end of 2018, Amazon Web Services accounted for about 32% of the global cloud market. This popularity of the service makes AWS penetration testing so important, the relevance of which is difficult to overestimate.
The Internet of Things is changing literally every sector of the economy, from households to manufacturing. To support this new round of the industrial revolution, it is necessary to provide reliable protection against cyber threats of all interconnected components for which IoT Penetration Testing is used.
Bug bounty program is an offer by companies, developers, website owners for security researchers to find bugs and vulnerabilities in their website or mobile infrastructure which can be used by hackers to steal data.
The basic tools used to verify the security of information system are tools for automatic data collection on the system and penetration testing. One of the popular and affordable options for self-sustained pentesting is Metasploit.
Today, most organizations understand that digital security cannot do without penetration testing. Kali Linux is one of the most popular software for this.
Kubernetes, as one of the most well-known tools for containerizing application deployment, is of interest to cybercriminals. Learn the main attack vectors, the main vulnerabilities, as well as a set of tools to ensure Kubernetes security against hacking and network attacks.
Magecart is a large group of hackers as well as a typical attack targeting mainly online shopping carts. This kind of attack became very common for the last years. Learn how to protect your online store from the Magecart attack.
The quality assurance of information security is becoming increasingly important for business and one of the trends in this area is Red Teaming. Companies began to show practical interest in Red Team, but not everyone fully understands what Red Teaming is and how it differs from penetration testing.
More and more organizations are switching to cloud services to accelerate business operations and develop collaboration, so the need for cloud security is greater than ever. For this reason, the relevance of cloud penetration testing in 2020 continues to grow.
Cybersecurity requires more and more attention in order to reduce the risks of serious financial and information losses. Among other ways to ensure it Cybersecurity Insurance today is becoming increasingly popular.
Currently, there are numerous approaches to ensuring and managing information security, and the most effective of them are formalized into standards. One of the most important standards today is FISMA Compliance.
Popular card payment systems MasterCard and Visa now require service providers and various merchants to meet PCI DSS compliance requirements. So, this standard becomes a vital part for online trading.
The growth of new IT technologies related to finance and confidential data causes a great need for timely identification of threats and vulnerabilities. For this reason, ethical hacking is becoming more and more demanded today.
The growth of new IT technologies related to finance and confidential data causes a great need for timely identification of threats and vulnerabilities. For this reason, ethical hacking is becoming more and more demanded today.
Without effective application discovery and inventory a company cannot ensure the security of its web or mobile applications, network, managed devices, and, as a result, strategic development.
Insecure web and mobile applications are a key catalyst to the emerging cybercrime wraith. Skyrocketing financial losses and incalculable intangible damages preoccupy all companies and organizations, from SMEs to multinationals.
How can modern e-commerce and online businesses efficiently prevent costly data breaches and avoid harsh legal sanctions by implementing well-though cybersecurity, data protection and privacy? Let’s explore emerging digital risks and antihacking strategies.
Today, healthcare uses electronic document management and a large number of high-tech devices that store patient data, so the US government passed HIPAA security law. Find out in more detail what constitutes the law and how to comply with its requirements in COVID times.
Web application security testing is a non-functional type of software testing that is conducted to detect the vulnerabilities of the application under test and to determine how secure the data and system are from various attacks.
Users willingly install and register in mobile applications, but few ordinary users think about data security. Mobile application security testing is an important element of your security strategy.
Vulnerabilities are weaknesses in websites, mobile applications, or other systems, that hackers can use to seize control and steal data stored. Even the most reliable protection does not completely exclude such danger, so you should regularly use website vulnerability scanner.
Any company from any field of activity today has IT assets. With the growing value of corporate information, the task of proper IT asset management becomes relevant for each company.
Сyber security compliance has become one of the most important aspects of any company's life. Businesses are actively considering the best practices and concepts for cyber security, that would help solve tasks related to risk management.
Nowadays, enterprises tend to hire employees from all over the world, without having to rent large office space. However, this way of working carries with it a lot of data breaches risks due to the exchange of data through public networks and makes Data Loss Prevention an important part of any cyber security strategy.