Tag: Security

  • SAST Tooling – Part 3: The Winner

    Disclaimer: This post is not an endorsement of or opposition to any product or tool. Opinions presented here are based on our experiences. Please exercise your own independent skill and judgement before you rely on the information in this post. 🙂 This is Part-3 and the final part of my blog series on Static Analysis Software Testing […]

  • SAST Tooling – Part 2: The selection criteria

    Disclaimer: This post is not an endorsement of or opposition to any product or tool. Opinions presented here are based on our experiences. Please exercise your own independent skill and judgement before you rely on the information in this post. 🙂 This is Part-2 of my blog series on Static Analysis Software Testing (SAST) tooling. In […]

  • SAST Tooling – Part 1: Why we ditched Veracode

    This post is Part-1 of a multi-part series describing our journey to ditch the popular Static Application Security Testing (SAST) tool Veracode and our quest for a better security tool. Background: Until recently, our organization used Veracode for security analysis of a few of our applications. Veracode came with a lot of reputation. It is considered a leader in […]

  • Are you doing HTTPS right?

    Last year, the internet reached an important milestone when it comes to web security. More than half of the websites all over the world are now on HTTPS. As awareness of HTTPS rises, more and more organizations and individuals are moving their websites to HTTPS. Certificate authorities like Let's Encrypt, which offer free certificates, have made […]

  • Add security.txt to your website

    Recently, I came across the tweet below from security expert Troy Hunt: "Google now has a security.txt file – so should you! https://t.co/fXmeNG9Yem https://t.co/drbJQ1Ynw8" — Troy Hunt (@troyhunt) February 3, 2018. The tweet talked about a file named security.txt. I went on reading his post to understand what exactly is security.txt and what problem […]

  • Who is mining coins at the expense of your CPU?

    Recently, I came across this article, which reported that almost 2500 sites are running cryptocurrency mining code in the browser. These sites are using out-of-date software with known security vulnerabilities. This gives attackers the control to add a script that generates digital currency at the expense of the user's CPU and electricity.

  • What is HSTS and why should I care?

    Recently, there was an interesting conversation between security expert Troy Hunt and a leading UK bank, NatWest. It all started when someone on Twitter reported the unsecured landing page of NatWest bank.

  • Do you know who is using your Wifi?

    A few days back, the internet at my home was very slow. It took ages to open any webpage. I had found the internet to be slow on earlier occasions as well. But this time it was just unusable. Out of curiosity, I went to the default gateway of my wireless router. I logged in with […]