Collaborate Disseminate
Enterprises spend enormous effort fixing software vulnerabilities that make their way into their publicly-facing applications. The Consortium for Information and Software Quality estimates that the cost of poor software quality in the United States rea… Continue reading Finding software flaws early in the development process provides ROI
Our Security assessment team set up rankings that reflected our take on the most widespread and critical web application vulnerabilities as viewed through a prism of eight years’ experience. Continue reading Top 10 web application vulnerabilities in 2021–2023
Group-IB identified a large-scale malicious campaign primarily targeting job search and retail websites of companies in the Asia-Pacific region. The group, dubbed ResumeLooters, successfully infected at least 65 websites between November and December 2… Continue reading ResumeLooters target job search sites in extensive data heist
This paper aims to provide guidance for organizations looking to select an MSSP and help to identify the benefits and drawbacks of using an MSSP. Continue reading Selecting the right MSSP: Guidelines for making an objective decision
What is the analyst on a penetration testing team, what role they perform at Kaspersky, and why is their job vital to the success of the project? Continue reading Good, Perfect, Best: how the analyst can enhance penetration testing results
Any organization that’s actively working on managing its cybersecurity risk can’t ignore the risk that goes with third-party vendors having access to its critical systems and customer data. “Up until today, organizations of all sizes … Continue reading MVSP: A minimum cybersecurity baseline to simplify vendor security assessment
ENISA discloses an in-depth analysis of the cybersecurity challenges faced by the connected and automated mobility (CAM) sector and provides actionable recommendations to mitigate them. The CAM sector in a nutshell Today, connected vehicles, environmen… Continue reading CAM sector cybersecurity challenges and how to mitigate them
You’ve probably seen the term pentesting pop up in security research and articles, but do you know what it really means? Simply put, penetration testing is a security assessment, analysis and a progression of simulated attacks on an application or netw… Continue reading MythBusters: What pentesting is (and what it is not)
Today, with the world adjusting to the new normal, preparing for cyberattacks requires stringent protective strategies. Experts predict that in 2021, a cyberattack will occur every 11 seconds (nearly twice as frequently as in 2019). Is your network pr… Continue reading Network Penetration Testing: A Primer
Enterprise third-party risk management (TPRM) programs have been around for a half-decade or longer, and at this point most large organizations run one. However, many of these TPRM programs only provide a thin veneer of cybersecurity assurance. Recent … Continue reading Third-party risk management programs still largely a checkbox exercise