Fully know your attack surface
Cybersecurity Tips and Tricks
While cybersecurity is a technical discipline — and we all love technical how-tos and in-depth tool reviews that empower our security toolkits — there are also strategic concepts and security basics we uphold as pillars of the industry.
Whether you’re a security veteran, just starting out in infosec, or simply want to know more about the security concepts and practices that shape the decision-making process in any modern organization, we’re here to help.
In our “Cybersecurity Tips” section you’ll find information about true cybersecurity basics including security automation, threat intelligence, social engineering, ransomware, and indicators of compromise, as well as updates on new attack methods and cybersecurity trends such as quantum computing, DevSecOps, security through obscurity, and more.
Each blog post will lead you through these concepts and their history, and we’ll get down to the nitty gritty on our subjects along with best practices and helpful tips on ensuring protection.
Front-End Security: 10 Popular Types of Attacks and Best Practices to Prevent Them
Your web application’s front end is the first part seen everywhere. It’s the first thing that regular users and potential customers looks at but it’s also the first thing that an attacker sees—it’s the main door to your attack surface.
Residential Proxies: Types, Usage and Dangers in Cybersecurity
Privacy concerns over a flurry of egregious corporate breach scenarios continue to upend just about any other ‘hot’ technology-related topic out there—a direct reflection of the turbulent digital landscape we find ourselves in and a constant influx of hedonic platforms (e.g., social media) making indiscriminate use of personal data, albeit the dire consequences.
What Are Clickjacking Attacks and How Can You Prevent Them?
The ever increasing usage of web applications via mobile devices, installing and launching of malicious apps, GPS location leaks and financial fraud have made clickjacking attacks a lot more dangerous than understood previously. Lack of device security has also made it possible for clickjacking attacks to be a vector for targeted attacks into our personal lives.
Man-in-the-Middle Attacks: When Three’s a Crowd
When you’re browsing the web, you would expect that your communications and the information exchanged are kept private, having not been tampered with in transit. Whether it’s merely login credentials, personally identifiable information or even bank account details, we exchange a lot of information on the Internet every day—and while we expect the utmost security, that certainly isn’t the rule.
Why Not to Set Domains to Private IPs
“An ounce of prevention is worth a pound of cure.” ― Benjamin Franklin The concept of risk is ubiquitous across the cybersecurity landscape. In this day and age, it is difficult to envision any security-conscious organization not having alluded, hopefully more than once, to the serious consequences attached to avoiding the subject, particularly when it comes to protecting its most sensitive digital assets and personal data.
Top 10 Problems with Your Attack Surface
With the increasing attack surface of web applications, it’s become even more important to identify and understand the most common attack surfaces and how easily problems in your own web application can develop.
Brute Force Attacks: Definition, Types, Examples and Protective Measures
The problem-solving principle of Occam’s Razor that claims that “the simplest solution is almost always the best” also applies to the realm of cybercrime.
Top 5 Tips for Securing Your Dev & Test Environments, and Why You Should
In his seminal work, The Mythical Man-Month, Frederick Brooks Jr. tells us that software development is homologous to a tar pit where many efforts flounder regardless of the appealing nature of the task or the relative tractability of the underlying physical medium. In what he calls one of the “woes of the craft”, the author goes on to explain that the pervasive optimism among programmers regarding the conception of a software project is rarely maintained after we take into account the set of complex interdependencies commensurate with others’ skills and objectives.
5 AWS Misconfigurations That May Be Increasing Your Attack Surface
Not all data breaches are created equal. While many remain the product of technical prowess so often associated with malicious actors, a burgeoning amount can be attributed to security misconfigurations and overly-permissive entitlements plaguing cloud ecosystems around the globe. Close to 70 percent in fact, according to a survey conducted by Ermetic, an identity and data protection firm.
What is Privilege Escalation? Types, Techniques and Prevention
When attackers attempt to steal data, having insider access to a system is their best bet. And if that insider access is gained through a privileged account that holds the keys to critical systems and data, that would be like hitting the jackpot—but only for the attackers. This is why we consider privilege escalation, the attempt to compromise an account and then expand its privileges, a key component of nearly all advanced cyber attacks.