The effectiveness of external attack surface management (EASM) and third-party risk management (TPRM) capabilities hinges on the depth, breadth, and timeliness of the underlying data they are based on. For this reason, Bitsight makes a significant ongoing investment in: The introduction of Bitsight’s next-generation data engine enabled many improvements to our capabilities across all of these areas throughout 2024.

The General Data Protection Regulation (GDPR) is a pivotal framework that governs data protection and privacy for individuals within the European Union (EU). Its implications are far-reaching, affecting organizations worldwide that handle EU citizens' data. Understanding and achieving GDPR compliance is essential to avoid substantial penalties and to maintain trust with customers.

With all of that background from parts 1, 2, and 3 of this series out of the way, let's turn to some practical considerations for real-world web applications. The inherent security restrictions for resources, including cookies and JavaScript, assume that each website contains all of its functionality in one neat, isolated package. But websites often contain content and functionality from multiple websites that trust each other.

At the beginning of June 2024, Bitsight TRACE started analyzing a new CISA KEV vulnerability that had just come out, with the goal of creating a detection capability that could be implemented on an Internet-wide scale.

In the spring of 2024, amid growing international concern about supply chain risk and the trust and reliability of technology suppliers, the United States banned Kaspersky Lab, Inc., the Russia-based antivirus company from providing its products to the US market. The ban went into effect on September 30, 2024. What impact has the ban had on US and global usage of Kaspersky? Has it been effective? A new analysis from Bitsight contains some surprising results.

In an era where digital resilience is vital to corporate health, cybersecurity is a critical governance issue. The partnership between Bitsight and Glass Lewis underscores this reality by providing companies with a forward-thinking approach to assessing cybersecurity as part of Environmental, Social, and Governance (ESG) considerations.

Imagine this: you're at home, eagerly waiting for the new device you ordered from Amazon. The package arrives, you power it on, and start enjoying all the benefits of 21st century technology—unaware that, as soon as you powered it on, a scheme was unfolding within this device. Welcome to the world of BADBOX. BADBOX is a large-scale cybercriminal operation selling off-brand Android TV boxes, smartphones, and other Android electronics with preinstalled malware. What does this mean?

This is a continuation of our series on web application security. If you haven't already read through parts 1 and 2, this is a good time to go back. If not, let's move on and answer the question left hanging during our last installment: what are request methods, including the POST request method, and how does logging out of a website work when it comes to cookies and session IDs? Let's also tackle the more important issue of how to combat cross-site request forgery (CSRF) attacks.