The latest security technology and best practices to secure software applications, vulnerabilities and code.

  • Getting Started with the Burp Suite: A Pentesting Tutorial

    Burp is one of the top-rated security suites for pentesting and ethical hacking. While there are paid professional and enterprise editions, you can install the community edition for free and even use it directly from Kali Linux. The Burp suite is widely used by security professionals to perform advanced scans and various traffic interceptions (e.g.,… Read more

  • Security Researchers Find Nearly 400,000 Exposed Databases

    Databases contain some of the most critical data in enterprises, so vulnerabilities in them are serious issues. Researchers at Singapore-based cybersecurity company Group-IB recently discovered thousands of databases exposed to the internet that could have been exploited when they were left unprotected. The Attack Surface Management team at Group-IB said it constantly scans the IPv4… Read more

  • MFA Advantages and Weaknesses

    Not everyone adopts multi-factor authentication (MFA) to secure their accounts. Many stick with simple username and password combinations despite the weaknesses of this authentication method. Yet if someone wanted to enable MFA, which option should they use? Each MFA option suffers vulnerabilities and creates user friction, so IT managers need to select the MFA option… Read more

  • 10 Top Active Directory Security Tools for 2023

    Identity management plays a critical role in every IT security strategy. Microsoft’s identity and access management tools dominate the enterprise market, with more than a 50% market share between Active Directory (AD) for Windows and Azure servers. And that makes Active Directory a frequent target for hackers. Despite the wide adoption, AD’s native interface can… Read more

  • Protecting Against the Spring4Shell Vulnerability

    Spring4Shell (CVE-2022-22965) is a remote code execution (RCE) vulnerability that affects Spring Core, a comprehensive framework for Java-based enterprise applications. Spring4Shell gets its name from the Log4Shell vulnerability, one of the most critical zero-day threats ever, which affected a Java software component called Log4j and allowed hackers to take control of web servers and networks.… Read more

  • SAML: Still Going Strong After Two Decades

    SAML is an open standard facilitating the communication and verification of credentials between identity providers and service providers for users everywhere. In 2005, the open standard consortium OASIS released SAML 2.0 to broad appeal. As smart mobile devices boomed, so did the number of web applications and the need to address never-ending logins. SAML was… Read more

  • Addressing Remote Desktop Attacks and Security

    The Remote Desktop Protocol (RDP) has long been essential for IT service management and remote access. Still, in the wrong hands, RDP attacks and vulnerabilities related to remote desktop software are a severe threat. Recent years presented a torrent of research showing how vulnerable RDP systems are for organizations not taking additional cybersecurity precautions. Because… Read more

  • 10 Best DevSecOps Tools

    The growth of DevSecOps tools is an encouraging sign that software and application service providers are increasingly integrating security into the software development lifecycle (SDLC). The top DevSecOps vendors offer a comprehensive suite of application security testing tools, including static application security testing (SAST), dynamic and interactive analysis testing (DAST and IAST), and software composition… Read more

  • Russia, China May Be Coordinating Cyber Attacks: SaaS Security Firm

    A SaaS security company says a spike in cyber attacks from Russia and China in recent weeks suggests the two countries may be coordinating their cyber efforts. SaaS Alerts, which helps managed service providers (MSPs) manage and protect customers’ SaaS apps, mentioned the finding in conjunction with the release of its annual SaaS Application Security… Read more

  • Three Ways to Protect Unfixable Security Risks

    How can a hospital protect an MRI machine with an unchangeable password and still connect it to the network? How can an industrial recycler safely secure its $400,000 hard drive recertification rack with control software that only runs on Windows XP? These are not uncommon risks. The devices themselves can’t be secured, but that doesn’t… Read more

Top Cybersecurity Companies

Top 10 Cybersecurity Companies

See full list

Get the Free Newsletter!

Subscribe to Cybersecurity Insider for top news, trends & analysis