HackDig : Dig high-quality web security articles

What is Bundesamtes für Sicherheit in der Informationstechnik (BSI)?

Have you ever confused your acronyms? Perhaps you have laughed when someone has had to explain some of the acronyms used in text messages. Business, and especially technology acronyms are almost as plentiful as text acronyms. There are few things as embarrassing as being in a business meeting, and mis
Publish At:2022-03-30 02:07 | Read:805 | Comments:0 | Tags:Featured Articles Government Complaince Germany Information

ISO27001:2022 – A New Way of Working

It has been a long time coming! The upgrade to the international standard for information security management systems, ISO27001:2013, is here (almost). Hallelujah! If you’re reading this article, then there’s a reasonable assumption that you know what ISO27001 is and you’re not going to be too worried about the back story. But let’s all
Publish At:2022-01-25 02:06 | Read:976 | Comments:0 | Tags:Security Controls compliance Governance GRC ISO 27001 risk s

Cybersecurity in 2022 and Beyond

It’s that time of year that the usual happens. Christmas crackers with bad jokes. Holiday specials on TV (constantly). And cyber specialists like me make predictions about the year to come. With the help of insights from Gartner and my own views on what we are likely to see in 2022, I think I can help you with a couple of these. Firstly, it’s wor
Publish At:2021-12-22 02:05 | Read:3024 | Comments:0 | Tags:Featured Articles 2022 compliance data Gartner standards thi

IoT Devices Built to Meet Cybersecurity Needs

The Internet of Things (IoT) includes items such as smart appliances, smartwatches, and medical sensors. For organizations to enjoy all of the benefits and convenience of IoT devices, enterprise customers must fully understand the potential risks and threats to their systems and the underlying data. IoT devices often lack built-in security control
Publish At:2021-09-08 00:39 | Read:2943 | Comments:0 | Tags:Internet of Things compliance IoT IoT security standards sec

Failing to Meet Cybersecurity Standards Can Have Legal Consequences for Companies

Cybercrime is one of the most significant threats facing companies today. With the average cost of a data breach reaching an all-time high of $4.24 million, the business case for cybersecurity has never been stronger. Still, some businesses seem to misunderstand the urgency of meeting current cybersecurity standards. It may help to consider the legal conseque
Publish At:2021-08-30 00:39 | Read:4630 | Comments:0 | Tags:Regulatory Compliance fines legal legislation standards secu

Chaos Theory of Standardization in IOT

There are numerous standards being followed currently in the IOT space to connect various devices but no single global framework is followed. As Chaos theory focuses on the initial condition of every event meaning that their future behavior is fully determined by their initial conditions, I feel that the IOT scenario is also currently at an initial juncture
Publish At:2016-05-07 07:05 | Read:7267 | Comments:0 | Tags:Breaking News Internet of Things IoT security standards

Underwriters Labs refuses to share new IoT cybersecurity standard

UL, the 122-year-old safety standards organisation whose various marks (UL, ENEC, etc.) certify minimum safety standards in fields as diverse as electrical wiring, cleaning products, and even dietary supplements, is now tackling the cybersecurity of Internet of Things (IoT) devices with its new UL 2900 certification. But there's a problem: UL's refusal to fr
Publish At:2016-04-13 21:20 | Read:7000 | Comments:0 | Tags:Gear & Gadgets Risk Assessment iot open standards standards

Why Algebraic Eraser may be the riskiest cryptosystem you’ve never heard of

A potential standard for securing network-connected pacemakers, automobiles, and other lightweight devices has suffered a potentially game-over setback after researchers developed a practical attack that obtains its secret cryptographic key. Known as Algebraic Eraser, the scheme is a patented way to establish public encryption keys without overtaxing the limi
Publish At:2015-11-18 00:40 | Read:7663 | Comments:0 | Tags:Risk Assessment Technology Lab cryptanalysis cryptography In

SANS 2015 State of Application Security

The SANS Institute has published this year's survey results about application security programmes. In a change to last year's report the authors of 2015 State of Application Security: Closing the Gap have identified and broken down their analysis and reporting into two groups of survey respondents - builders and defenders. Jim Bird, Eric Johnson and Frank Kim a
Publish At:2015-05-18 09:00 | Read:6571 | Comments:0 | Tags:testing information assurance disposal development maturity

Lightning OWASP Project Presentations at AppSec EU 2015

AppSec EU 2015 begins in two weeks. It is being held in Amsterdam at the Amsterdam RAI exhibition and conference centre. With the news yesterday that the number of conference attendee bookings has surpassed 400, together with the training, capture the flag competition, university challenge, application security hackathon, computer gaming, networking and organ
Publish At:2015-05-09 22:15 | Read:12306 | Comments:0 | Tags:requirements SDLC testing development owasp projects appsece

Software Assurance Maturity Model Practitioner Workshop

The OWASP Open Software Assurance Maturity Model (Open SAMM) team are holding a summit in Dublin at the end of March. As part of the two-day Open SAMM Summit 2015 a full day is being allocated to software assurance practitioners and those who want to learn about using the vendor-neutral and free Open SAMM to help measure, build and maintain security throughou
Publish At:2015-02-21 02:50 | Read:6494 | Comments:0 | Tags:testing corrective standards maturity preventative technical

Two ENISA Reports on Cryptography

At the end of last week, the European Union Agency for Network and Information Security (ENISA) published two reports on the use of cryptography. Algorithms, Key Size and Parameters 2014 (PDF) provides guidance on appropriate cryptographic protective measures for the protection of personal data in online systems. The report defines primitives/schemes that can
Publish At:2014-11-25 22:50 | Read:6168 | Comments:0 | Tags:privacy data protection technical standards guidelines preve

HTTP Security Headers

Earlier this year there was a useful post about implementing Hypertext Transfer Protocol (HTTP) security headers from Veracode. On Wednesday in a follow-up post, Isaac Dawson presents an analysis of the security headers of the top one million web sites, and compares the findings with a similar assessment in March. That's quite a lot of sites, but not enough t
Publish At:2014-10-24 07:45 | Read:8141 | Comments:0 | Tags:XSS policies standards hosting trust guidelines technical co

Application Security and Privacy Mapping 2014

The chart detailing the most important guidance, standards, legislation and organisations that can influence mobile and web application development security and privacy in the UK has been comprehensively updated. Principal Influences on UK Applications is managed by me and published on my company's web site as a mind map diagram and text tree, together with a
Publish At:2014-10-11 10:45 | Read:6931 | Comments:0 | Tags:policies standards legislation administrative information as

OWASP Testing Guide v4

The OWASP Testing Guide team of volunteers has announced the publication of version 4 of the OWASP Testing Guide. The creation of version 4 (PDF, HTML) was led by Andrew Muller and Matteo Meucci. The guide is the de-facto standard for performing web application penetration testing. Following an initial overview, introduction and discussion of testing objectives,
Publish At:2014-10-07 19:50 | Read:7994 | Comments:0 | Tags:vulnerabilities technical standards procedures testing

