Flaws in code lines, file system and data input methods make up the core security vulnerability of any application. This is what we address through secure coding practices. Secure coding guidelines stand out as the last battling army before the enemy line of security risks and threats.
Despite the fact that PCI DSS has been in effect for over a decade, and most merchants are achieving compliance, some of the world’s largest retailers have been hit by to data breaches. The sad truth is that achieving compliance doesn’t guarantee data protection, even for large organizations. For example, more than five million credit card numbers were stolen in 2018 hacks of two major retailers.
Working with a wide variety of customers and technologies often brings interesting challenges and stories that usually end up buried in a support ticket never to see the light of day again. However, after a curious ticket regarding integration of our product into a BitBucket pipeline, we asked WeTek if they would like to contribute an article about this particular problem. Well, here it is, a great article highlighting the subtleties that can trip us up!
Pick up any industry and you will realize that every one has gone through an evolution – from being entirely dependent on humans to being now run majorly by machines and automated processes. There comes a point, for every industry, where in order to function efficiently and effectively operate, automation becomes a necessity.
Organizations in the United Kingdom’s public sector face several challenges in terms of their digital security. Today, these companies must meet an increasing number of regulatory compliance obligations. GDPR likely sits near the top of UK public sector organizations’ list of responsibilities given the penalties they could incur should they fail to adequately protect EU citizens’ personal data.
If you are embracing DevOps, cloud and containers, you may be at risk if you’re not keeping your security methodologies up to date with these new technologies. New security techniques are required in order to keep up with current technology trends, and the Center for Internet Security (CIS) provides free cybersecurity best practices for many newer platforms.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. Big news out this week of a serious chained fault on WordPress. If you are running WooCommerce then you had better dive in and check this article to make sure you are not exposed.
Details of a Virtual Box 0-day privilege escalation bug were disclosed on GitHub earlier this week. This was the work of independent Russian security researcher Sergey Zelenyuk, who revealed the vulnerability without any vendor coordination as a form of protest against the current state of security research and bug bounty programs.
Throughout my years working with Unix flavoured environments, one of the headaches I’ve had to deal with is cron. Don’t get me wrong, I love cron, it’s a necessity for any operation of such servers, however, there usually comes a point when the size of list reaches a critical mass that makes visualising the execution times a challenge.
The first thing most of us notice after a major software update is a completely redesigned user interface. However, a new user experience is typically the result of a shift in product focus. In version 2.0, our primary focus was on intelligent data retrieval. The idea was to allow users to work on any file in the same way they would for files stored on their machine(s).
