There will always be a natural tension between cybersecurity teams and developers. Developers are paid to create and ship new applications, while security teams are responsible for ensuring that bad things don’t happen when new software is deployed, such as data breaches or loss of business services due to vulnerabilities. While this dynamic can create […]
Public companies in the United States have been aware of the SEC tightening down on reporting security incidents for some time now. With compliance deadlines here, the reality of the situation is becoming more apparent. This piece serves as a recap and checklist for both public and private businesses on what to focus on now […]
Back in 2021, Google introduced a new security standard known as the Minimum Viable Secure Product, in collaboration with other organizations. Now, 2 years later, they have updated this standard. Minimum Viable Secure Product If you are interested, you can read the original announcement from Google. However, in this post, we will focus on the […]
The Security Headers grading criteria is something that doesn’t change often, but when it does, there’s a good reason behind the change. In this blog, I will outline the new grading criteria and the reasons why we’ve made the change. Security Headers For those that aren’t familiar, Security Headers is a free security scanning tool […]
When it comes to web application security testing tools, there are different options available depending on what and how you are testing. However, for a comprehensive assessment of your running applications’ security status, dynamic application security testing (DAST) is highly recommended. DAST is designed to test websites and applications by simulating real attacks and identifying […]
Buzzwords are a fact of life in the tech industry, especially in its more nebulous corners like cybersecurity. As the name implies, they crop up whenever buzz builds around the Next Big Thing. After a while many get overused, bleached out, watered down, or stretched to breaking point until they morph into the next buzzword. […]
Some days, it feels like every application and system out there is getting new functionality based on large language models (LLMs). As chatbots and other AI assistants get more and more access to data and software, it’s vital to understand the security risks involved—and prompt injections are considered the number one LLM threat. In his […]
According to a 2023 Cloud Computing Study, 92% of organizations already host a portion of their IT environment in the cloud, with 66% expected to increase spending on cloud computing over the next year. With an emphasis on building and deploying applications that leverage all the advantages of the cloud, cloud-native security can be an […]
The Common Vulnerability Scoring System (CVSS) has been in need of an update for some time, and in November 2023, CVSS v4.0 was officially released. This new version, designed to address the limitations of CVSS v3.1 and align with current cybersecurity trends, introduces significant changes. One key update is the inclusion of new supplemental metrics […]
As the saying goes, it’s tough to make predictions, especially about the future. And yet everyone tries—whether for planning or in the naive hope of not getting caught off-guard this time. While we do have our own modest tradition of end-of-year prediction posts on this blog, we look to the experts to help us make […]
We hate spam, we obviously will not spam you!
Copyright © TSP 2024. All rights reserved. Designed by Enovate LLC