Avatao Blog

The hacker group Lapsus$ claims to have breached Samsung and stolen 190GB of data, including the source code. Here is everything you need to know!

Zero Trust is a security framework requiring all users, whether inside or outside your organization, to be authenticated, authorized, and continuously validated. This allows for security configuration to happen before granting or keeping access to applications or data.

Understanding the importance of API security is just the beginning of an extensive process to secure your APIs from attacks.

The new OWASP Top 10 list has been released to show us the new priorities of security risks that web applications face.

Capture the Flag competitions are one of the best ways to equip your developers with the secure coding skills they need. Learn about the benefits of CTF events in our blog post!

The cloud data system has numerous advantages as well as many dangers. 80% of companies have had at least one data breach in the past months.

Companies understand the way you handle data security has a direct impact on their bottom lines. This has led to most companies requiring all vendors to have a special compliance certificate called an SOC2.

ISO 27001 belongs to the set of security standards that explicitly requires the security training of all employees, including developers responsible for building the products and operating the business infrastructure.

Our team attended Hacktivity, the biggest IT security conference in Central and Eastern Europe – a whole day full of interesting presentations and workshops. Click to see how we liked it!

Most employee passwords fail to follow even the simplest anti-theft precautions, such as creating passwords with a minimum of 12 characters. In a recent study of 15.2 billion passwords, only 2.2 billion were found to be unique.

Cryptocurrencies have been a popular trading asset in recent years. But what are the possible security risks that come with this technology?

Cybersecurity is, by nature, a negative asset. As with any protective measure, one of the biggest challenges is to measure the value (or return on investment, ROI) of cybersecurity. It is even more difficult to get stakeholders – customers, users, and decision-makers – in the company to understand its value.

The increasing threat of security breaches mostly has to do with the increasing amount of information being stored. Although individuals are responsible for most data creation, 80% of all data is stored by enterprises.

The pandemic has spread through the word, affecting almost every industry. We discuss the aspects of CODIV-19 on cybersecurity.

Compliance standards are a valuable but mostly misunderstood part of the corporate culture. Like any other certificate, a compliance certificate demonstrates that the entity/business operates according to a commonly accepted standard and signals trust towards third parties. A successful compliance certificate eases regulatory processes, opens new markets, and in general speeds up revenue generation, which is the key metric for businesses.

Application security is one of the cornerstones of cybersecurity, and it is critical to defend a successful business operation. To strengthen cybersecurity defenses, businesses have to apply rigorous testing and remediate the issues that were found.

What are the key benefits of practical security training for developers? Here are some tips on how you can build a case for a developer security program.

Not a single day goes by without a devastating security breach affecting someone, somewhere. In the first six months of 2019 alone, over 4 billion records around the globe have been exposed due to easily preventable data leaks.

IT security is a really huge topic and until you find your first bug you can’t be sure that you have the required amount of knowledge, luck, and patience. Joining the club of bug bounty hunters as a newbie is hard, so let me share my story with you.

Blockchain-based platforms are becoming increasingly popular due to their ability to maintain a public distributed ledger, providing reliability, integrity, and auditability for transactions without a trusted entity.

Great developers possess a wide variety of skills, from technological expertise to product thinking. You need some of these for your current job, others you just picked up over the years. Nevertheless, it’s all valuable and contributes to the fact that you are seen as a seasoned software engineer.

If you have found a vulnerability and you want to act responsibly, discretion is most important. Always remember you have information that can be exploited by black-hats putting not only the enterprise and its reputation but its users at risk.

A company has to be mature enough to implement a responsible disclosure policy – or at least mature enough to implement its own tailor-made program. Implementing a responsible disclosure policy can show your security consciousness, yet if you do it wrong, the effects can be detrimental.

As the enterprise architecture becomes more and more complex, the task of the Chief Security Information Officer (CISO) becomes overwhelming. CISOs have a tough time finding talented cybersecurity professionals to support their job. In an interesting article in VentureBeat, Nir Donitza and Gal Ringel wrote about the cybersecurity landscape of Israel in 2018, and what it might predict from global cybersecurity. A few of their findings point to some interesting trends.