Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Tom Hudson (TH), Senior Security Researcher at Detectify, joined the Application Security Weekly podcast to talk about the status quo on web scanners and securing modern web applications. We’ve edited the transcript for brevity and taken some highlights from the pod episode below.

Cloud technology is a powerful tool with unmeasurable potential. Across the globe, companies are harnessing the cloud to propel their business solutions. However, there are always some companies that cannot entirely shift their solutions to the cloud. Thanks to the hybrid cloud model, companies house some of their solutions on their on-premises servers and store the rest of them in the cloud. Most companies have adopted the hybrid cloud model, as it suits both conventional and new-age operations.

I’m excited to announce that Lookout has extended its partnership with Microsoft to ensure our threat telemetry data is easily accessible via the Microsoft Azure Sentinel Security Information and Event Management (SIEM) solution. With this integration, Azure Sentinel users can leverage a rich mobile dataset within the Lookout Security Graph. When it comes to increasing productivity, we want to work smarter.

HSM stands for hardware security module. HSMs are hardware devices. They can be quite small and plugged into the main board of a computer, or they sit side by side in a server rack. They store sensitive data such as private keys. HSMs do not allow you to read that sensitive data back; instead, they expose only cryptographic operations like signing of certificates or encrypting data. This provides stronger protections for storing private keys compared to disks or databases.

Healthcare organizations still seem to think that blocking all access to unapproved cloud storage or cloud collaboration tools means that they’re preventing leakage of sensitive information. But as the old saying goes, “Data flows like water.” Eventually, it’s going to find the holes and escape. Even if a healthcare IT system has water-tight data controls, that’s not the only goal within the organization—and not even the most important one.

Continuing on our exciting and informative webinar series, last week Appknox hosted a webinar on 'Building Org-Wide Software Security Practices'. Organized in association with Xoxoday, the leading technology platform helping businesses manage incentives, rewards, incentives and loyalty programs, I had an amazing discussion regarding various aspects of security when it comes to org-wide business initiatives and so much more with Mr Srivatsan Mohan (VP, Xoxoday).

The Internet of Things (IoT) is a growing concern for today’s digitally-focused businesses. Every connected device you own can add another security concern to your list. If it collects and stores personal information and data, you’ve just added another attractive target for criminals to access your network. In fact, 57% of IoT devices are vulnerable to medium or high-severity attacks.