Author Archives Zbigniew Banach

DevSecOps, or Development, Security and Operations, is a software development methodology that integrates security checks and practices into DevOps processes. Implementing DevSecOps requires organizations to adopt a security-first mindset and use automated security validation in their DevOps pipeline. This article looks at the evolution of methodologies towards DevSecOps and shows what tools can be used to ensure security in agile web application development. Read More

Cyberattacks are an inevitable part of everyday business for organizations of all sizes worldwide. Despite growing awareness of the consequences of a successful attack, many organizations still downplay the associated risks. A cyberattack can have devastating and long-lasting consequences for the entire organization, and in this article, we will look at 5 crucial ways that a cyberattack can hurt your business. Read More

Code injection, also called Remote Code Execution (RCE), occurs when an attacker exploits an input validation flaw in software to introduce and execute malicious code. Code is injected in the language of the targeted application and executed by the server-side interpreter. Any application that directly uses unvalidated input is vulnerable to code injection, and web applications are a prime target for attackers. This article shows how code injection vulnerabilities arise and how you can protect your web applications from injection. Read More

HTTPS has become the protocol of choice for any serious website, but enforcing the use of HTTPS instead of HTTP requires the HTTP Strict Transport Security header, or HSTS. Using the HSTS header, the server informs the visiting browser that only the HTTPS version of the requested site is available, and plain HTTP will not be served. In this article, we will look at the history of HSTS, see how it works and how to set it up, and learn why using it can actually drive traffic to your website. Read More

Organizations are consistently reporting increased numbers of cyber incidents, with data breaches and ransomware infections fast becoming a common occurrence. Solid security procedures and good planning can go a long way towards preventing many incidents but when things go wrong, you have to be prepared for recovery. In this article, we will look at 7 key aspects of planning for cyber incident recovery to maintain business continuity and minimize costly downtime. Read More

With so many businesses dependent on web and cloud technologies, sooner or later every organization may need to handle a web cyber security incident. Having a cyber security incident response plan (IR plan) is crucial for maintaining business continuity and recording information to manage any incident and its aftermath. This article looks at how you can plan your web security incident responses, what threats you need to consider, and why having an effective and tested response plan is a necessity for modern organizations. Read More

This article presents an overview of session hijacking, common attack methods with examples, and the dangers of successful hijack attempts. You will also learn how to protect your data from hijacking threats. Read More

Clickjacking attacks attempt to trick the user into unintentionally clicking an unexpected web page element. Most clickjacking methods exploit vulnerabilities related to HTML iframes and prevention centers around preventing page framing. In this blog post, we will see how clickjacking works, how it can be prevented, and why this threat to application security is not going away any time soon. Read More

This article explains what is privilege escalation, what are the types of privilege escalation (horizontal and vertical) and how can privilege escalation endanger your systems. It also examines typical privilege escalation scenarios and teaches you how you can protect user accounts in your systems and applications to maintain a good security posture. Read More