In relation to medical software applications, the term HIPAA compliant means that the application meets the technical and physical safeguards of the HIPAA Security Rule. If you are hosting an application in a HIPAA-compliant environment then it does not make the application HIPAA-compliant. If you build an eHealth or mHealth app that collects personal data [...]
The Information Commissioner's Office issued the fine – the largest ever for a data protection incident – to the company following an investigation after it found it was easy for hackers to access customer data. Investigators from the ICO found that hackers were able to get into TalkTalk's systems "with ease" and take advantage of [...]
Ransomware is a type of malware that prevents or limits users from accessing their system. This type of malware forces its victims to pay the ransom through certain online payment methods in order to grant access to their systems, or to get their data back. Some ransomware encrypts files (called Cryptolocker). Other ransomware use TOR [...]
You may have heard the term ‘two-factor’ or ‘multi-factor’ authentication. If you haven’t heard of these terms, chances are you’ve experienced this and not even known it. The interesting thing is that two factor authentication is one of the best ways to protect your accounts from being hacked. So what exactly is it? Well traditional [...]
Even if an application has been built following security and defensive coding best practices, it will still require significant testing before it's ready for release. Whether this is routine testing for common vulnerabilities or security-focused penetration testing to pick up on the types of problems that often slip through the cracks, following security best practices [...]
A report accompanied with a rating taxonomy aimed to help researchers and customers to determine appropriate payouts for bugs found by researchers in bug bounty programs has recently been released by Bugcrowd. These tools, especially the Vulnerability Rating Taxonomy (VRT), which details a number of vulnerabilities, classified by severity, are not only useful in the [...]
Cross-site scripting (XSS) is a security vulnerability allowing a user to alter the code that an application delivers to a user which is executed in the user’s web browser. It is most commonly found in web applications affecting the user's browser, but also possible in other applications with embedded web content, such as an interactive [...]
Many businesses understand that it’s important to properly manage their web application security. But in truth, it goes far beyond the need to simply “avoid being hacked”. There are often serious liabilities associated with the failure to properly manage your security. Unfortunately, many of those liabilities are an afterthought. Until of course, there is a [...]
A few weeks back Alert Logic released their latest cloud security report. The report highlights the current rise in web application attacks. In short it states “‘Businesses with a large volume of online customer interactions are targeted for web application attacks in order to gain access to sensitive customer & financial data". This 45% increase [...]
While not being in the worst performing sector for security, retail is one of the biggest targets for attackers and a number of breaches hit the headlines in 2015, the most well known being chain store Target. As retailers process a large volume of payments, they are an obvious target for the theft of financial [...]
