Web Application Security


How to achieve HIPAA Compliance for Medical Software applications?

In relation to medical software applications, the term HIPAA-compliant means that the application meets the technical and physical safeguards of the HIPAA Security Rule. Hosting an application in a HIPAA-compliant environment does not, by itself, make the application HIPAA-compliant. If you build an eHealth or mHealth app that collects personal data [...]

April 24th, 2019|Web Application Security|

TalkTalk is fined £400,000 after 150,000 customer details were compromised in 2015

The Information Commissioner's Office issued the fine – the largest ever for a data protection incident – to the company following an investigation after it found it was easy for hackers to access customer data. Investigators from the ICO found that hackers were able to get into TalkTalk's systems "with ease" and take advantage of [...]

Ransomware 101: What It Is and How You Can Protect Yourself

Ransomware is a type of malware that prevents or limits users from accessing their system. This type of malware forces its victims to pay a ransom through certain online payment methods in order to regain access to their systems or to get their data back. Some ransomware encrypts files (the CryptoLocker family, for example). Other ransomware uses TOR [...]

What is two factor authentication?

You may have heard the term ‘two-factor’ or ‘multi-factor’ authentication. If you haven’t heard of these terms, chances are you’ve experienced this and not even known it. The interesting thing is that two-factor authentication is one of the best ways to protect your accounts from being hacked. So what exactly is it? Well, traditional [...]

April 11th, 2016|Web Application Security|

Six Best Practices for Security Testing in the SDLC

Even if an application has been built following security and defensive coding best practices, it will still require significant testing before it's ready for release. Whether this is routine testing for common vulnerabilities or security-focused penetration testing to pick up on the types of problems that often slip through the cracks, following security best practices [...]

The costs of security bugs and why penetration testing can help

Bugcrowd has recently released a report, accompanied by a rating taxonomy, aimed at helping researchers and customers determine appropriate payouts for bugs found by researchers in bug bounty programs. These tools, especially the Vulnerability Rating Taxonomy (VRT), which details a number of vulnerabilities classified by severity, are not only useful in the [...]

March 17th, 2016|Web Application Security|

A Simple Explanation of Cross Site Scripting

Cross-site scripting (XSS) is a security vulnerability that allows one user to alter the code an application delivers to another user, which is then executed in that user’s web browser. It is most commonly found in web applications, affecting the user’s browser, but it is also possible in other applications with embedded web content, such as an interactive [...]

The Importance of Finding All Vulnerabilities on Your Web Applications

Many businesses understand that it’s important to properly manage their web application security. But in truth, it goes far beyond the need to simply “avoid being hacked”. There are often serious liabilities associated with the failure to properly manage your security. Unfortunately, many of those liabilities are an afterthought. Until, of course, there is a [...]

Latest Report Points to a 45% Increase in Web Application Attacks

A few weeks back Alert Logic released their latest cloud security report. The report highlights the current rise in web application attacks. In short, it states: “Businesses with a large volume of online customer interactions are targeted for web application attacks in order to gain access to sensitive customer & financial data”. This 45% increase [...]

Security Scorecard Survey Shows Retail Seriously Underperforming in Web Application Security

While not the worst performing sector for security, retail is one of the biggest targets for attackers, and a number of breaches hit the headlines in 2015, the best known being the chain store Target. As retailers process a large volume of payments, they are an obvious target for the theft of financial [...]