Supporting data confidentiality, including encryption keys and certificates, is a critical task. In cloud-hosted workloads, the requirements are even more complex as different actors need to mediate access to sensitive material. According to the Ponemon Institute’s 2015 Cost of Failed Trust Report, “Security professionals believe that, over the next two years, the risk facing every Global 5000 from attacks on keys and certificates is at least $53M.” The report also notes that “54 percent of organizations admit to not knowing where all keys and certificates are located, which means they do not understand how they are being used or what should be trusted.”
Posted in Cloud Security: A primer on protecting keys and secrets in Microsoft Azure
Computing security is an interesting space. One of the main aspects that makes it interesting is that there are many security terms that are ambiguous. With some words, we have no idea why we’ve come to use them! While these buzzwords aren’t going away any time soon, here is a list of buzzwords that most of the security industry loves to hate:
Your security is only as good as your weakest link. It’s obvious to the current security world that there is no such thing as 100% secure. However, some organizations guarantee on their website that they are indeed 100% secure. This may seem like a good marketing strategy to attract customers who may not know much about security. It’s also asking for trouble when security professionals notice a claim like this. It is best to steer clear of this term.
When we think of a hacker by that name, a criminal computer nerd comes to mind. You know, the dark shadowy figure in a hoodie that’s sitting behind a fancy laptop. The same figure who steals bank account details with the intention of wreaking high-tech havoc.
Posted in Cloud Security: 5 security industry buzzwords we love to hate
In the security industry, we hold the following words near and dear to our work:
Posted in Application Security: The greatest security vulnerability: Humans
A good application security program includes a combination of various secure processes, practices, and different tooling options. Choosing the appropriate vulnerability assessment tools should always be the first step in assessing your web application security. These tools help prioritize vulnerabilities based on severity and report the vulnerabilities to allow for a systematic remediation process. There are many tools available to choose from, ranging from freeware and open source to commercial options, so finding the right tools to serve your purpose can become daunting.
Choosing the right vulnerability assessment tools
Here are the basic features to look for when choosing suitable vulnerability assessment tools:
Posted in Web Application Security: Vulnerability assessment tools to strengthen your web AppSec stance