Best Practices

OWASP Top 10 Security Risks – Part V

To bring awareness to what threatens the integrity of websites, we are continuing a series of posts on the OWASP top 10 security risks. The OWASP Top 10 list consists of the 10 most seen application vulnerabilities: Injection Broken Authentication Sensitive data exposure XML External Entities (XXE) Broken Access control Security misconfigurations Cross Site Scripting

[ Read More ]

OWASP Top 10 Security Risks – Part IV

To bring awareness to what threatens the integrity of websites, we are continuing a series of posts on the OWASP top 10 security risks. The OWASP Top 10 list consists of the 10 most seen application vulnerabilities: Injection Broken Authentication Sensitive data exposure XML External Entities (XXE) Broken Access control Security misconfigurations Cross-Site Scripting (XSS) Insecure

[ Read More ]

New Year Tips from Security Professionals

Have you included website security as a part of your new year’s resolutions for 2019? Here is a quick retrospective on tips some of our team members shared with us throughout the year. The cost for neglecting security is 10 times greater than the effort to keep it safe. Your brand value takes 10 times

[ Read More ]

Naughty or Nice Websites

Santa Claus is coming! Was your website naughty or nice this year? Here is a quick checklist of the top 10 bad things that can harm your website security and the top 10 good things that can improve your website security. Naughty Websites List If your website falls into any of these categories, this is

[ Read More ]

OWASP Top 10 Security Risks – Part III

To bring awareness to what threatens the integrity of websites, we are continuing a series of posts on the OWASP top 10 security risks. The OWASP Top 10 list consists of the 10 most seen application vulnerabilities: Injection Broken Authentication Sensitive data exposure XML External Entities (XXE) Broken Access control Security misconfigurations Cross Site Scripting

[ Read More ]

Fear, Uncertainty, and Doubt

There’s a term for the practice of scaring potential customers into purchasing products or services they don’t need: FUD; fear, uncertainty, and doubt. This practice is widespread in the computer/IT industries at large, but is especially present in the security industry. People don’t want to get hacked—but may also not understand the issues and forces

[ Read More ]

Navigating Data Responsibility

As we take a step back and think about how much the Internet has grown over the past 20 years, we realize how much content/data has been made available to everyone. Moving forward, there’s no reason to expect data availability to slow down. In fact, insideBIGDATA claims: There are many sources that predict exponential data

[ Read More ]

A Scam-Free Cyber Monday for Online Businesses

Every year we see an increase in website attacks during the holidays.  While business owners see their sales go up due to promotional Black Friday and Cyber Monday campaigns, hackers are in the background working nonstop to create malicious, fraudulent websites as well as take advantage of legitimate ones. Main Cyber Monday Threats Phishing Pages One

[ Read More ]

PCI for SMB: Requirement 9 – Implement Strong Access Control Measures

Welcome to the sixth post of a series on understanding the Payment Card Industry Data Security Standard–PCI DSS. We want to show how PCI DSS affects anyone going through the compliance process using the PCI SAQ’s (Self Assessment Questionnaires). In the previous articles written about PCI, we covered the following: Requirement 1: Build and Maintain

[ Read More ]