Flaws in code lines, file system and data input methods make up the core security vulnerability of any application. This is what we address through secure coding practices. Secure coding guidelines stand out as the last battling army before the enemy line of security risks and threats.
The U.S. Office of Personnel Management (OPM) has still failed to implement over a third of the recommendations noted by government auditors after the devasting breach the organization faced in 2015.
Despite the fact that PCI DSS has been in effect for over a decade, and most merchants are achieving compliance, some of the world’s largest retailers have been hit by to data breaches. The sad truth is that achieving compliance doesn’t guarantee data protection, even for large organizations. For example, more than five million credit card numbers were stolen in 2018 hacks of two major retailers.
Pick up any industry and you will realize that every one has gone through an evolution – from being entirely dependent on humans to being now run majorly by machines and automated processes. There comes a point, for every industry, where in order to function efficiently and effectively operate, automation becomes a necessity.
Working with a wide variety of customers and technologies often brings interesting challenges and stories that usually end up buried in a support ticket never to see the light of day again. However, after a curious ticket regarding integration of our product into a BitBucket pipeline, we asked WeTek if they would like to contribute an article about this particular problem. Well, here it is, a great article highlighting the subtleties that can trip us up!
Organizations in the United Kingdom’s public sector face several challenges in terms of their digital security. Today, these companies must meet an increasing number of regulatory compliance obligations. GDPR likely sits near the top of UK public sector organizations’ list of responsibilities given the penalties they could incur should they fail to adequately protect EU citizens’ personal data.
If you are embracing DevOps, cloud and containers, you may be at risk if you’re not keeping your security methodologies up to date with these new technologies. New security techniques are required in order to keep up with current technology trends, and the Center for Internet Security (CIS) provides free cybersecurity best practices for many newer platforms.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. Big news out this week of a serious chained fault on WordPress. If you are running WooCommerce then you had better dive in and check this article to make sure you are not exposed.
