Expert analysis
How modern workflows can benefit from pentesting
Pentesting, also known as penetration testing, is a security assessment, an analysis, and progression of simulated attacks on an application (web, mobile, or API) or network …
Secure your cloud: Remove the human vulnerabilities
Training to increase employees’ security awareness and change risky behaviours among end users is important, particularly as the future workplace will be hybrid and many …
Use longitudinal learning to reduce risky user behavior
People ignore information that isn’t relevant to them, which is why IT and HR departments have been approaching security training incorrectly for years. Long-form, all-hands …
Risk-based vulnerability management has produced demonstrable results
Several years ago, risk-based cybersecurity was a largely untested and hotly debated topic. But the tests have since been administered and the debate largely settled: …
Shedding light on the threat posed by shadow admins
Few organizations would purposefully hand a huge responsibility to a junior staff member before letting them fly solo on their own personal projects, but that’s effectively …
APIs in the insurance industry: Accessing a growing world of data
The insurance industry is vast and varied. It can be found in nearly every country in the world, with the earliest references dating back as early as 1750 BC. Modern …
What is threat modeling and why should you care?
While there is not one exact industry wide definition, threat modeling can be summarized as a practice to proactively analyze the cyber security posture of a system or system …
MythBusters: What pentesting is (and what it is not)
You’ve probably seen the term pentesting pop up in security research and articles, but do you know what it really means? Simply put, penetration testing is a security …
The next big thing in cloud computing? Shh… It’s confidential
The business-driven explosion of demand for cloud-based services has made the need to provide highly secure cloud computing more urgent. Many businesses that work with …
Managing and maturing Kubernetes security in the enterprise
The TL;DR version of the Infoworld article went something like this: “Companies are shying away from managing their own Kubernetes clusters and more and more, turning to …
Attackers can teach you to defend your organization against phishing
People click on links and attachments and will, unfortunately, keep clicking even if they should know better. They’ll click for the chance of winning a holiday, or even …
Avoid these CSPM mistakes to increase your cloud security posture
Are you utilizing your cloud services to their fullest? In other words, do you have a comprehensive picture of what’s in your cloud, who put it there, and whether or not it’s …
Featured news
Sponsored
Don't miss
- Overlooked essentials: API security best practices
- SubSnipe: Open-source tool for finding subdomains vulnerable to takeover
- Void Banshee APT exploited “lingering Windows relic” in zero-day attacks
- SYS01 info-stealer pushed via Facebook ads, LinkedIn and YouTube posts
- ChatGPTriage: How can CISOs see and control employees’ AI use?