Cloud security

Latest posts

Deserialization vulnerabilities in Java

Reading Time: 9 minutes Understanding serialization and deserialization vulnerabilities is the first step toward building secure applications. For most developers, it’s a challenge to find the right balance between coding securely and meeting other objectives like tight deadlines. This often results in products that are vulnerable to deserialization attacks which would be otherwise difficult to stage.

JWT handling best practices

Reading Time: 8 minutes The purpose of this post is to present one of the most popular authorization manager open standards JWT. It goes into depth about what JWT is, how it works, why it is secure, and what the most common security pitfalls are.

Interview with Christian Martorella, Skyscanner

Reading Time: 8 minutes Software development and application security go hand-in-hand. We asked the CISO of Skyscanner about this crucial relationship.

Ruby needs security

Reading Time: 10 minutes Every year, Ruby is becoming more and more popular thanks to its elegance, simplicity, and readability. Security, however, is an issue we can’t afford to neglect.

Understanding the importance of vulnerability management

Reading Time: 8 minutes New security vulnerabilities are discovered every day. The common goal of everyone, including attackers, is to detect these security vulnerabilities.

Interview with Gábor Molnár, Google

Reading Time: 6 minutes Being up-to-date with the latest information security trends is not easy. Deploying them on a regular basis is even harder. We asked an expert for best practices!

Cybernews: Interview with Márk Félegyházi, Avatao

Reading Time: 8 minutes Cybernews asked our CEO Mark about the importance of secure coding training, current security challenges, and more!

Source code under attack: the Samsung breach

Reading Time: 10 minutes The hacker group Lapsus$ claims to have breached Samsung and stolen 190GB of data, including the source code. Here is everything you need to know!

Zero trust security

Reading Time: 9 minutes Zero Trust is a security framework requiring all users, whether inside or outside your organization, to be authenticated, authorized, and continuously validated. This allows for security configuration to happen before granting or keeping access to applications or data.

4 API testing methods

Reading Time: 7 minutes Understanding the importance of API security is just the beginning of an extensive process to secure your APIs from attacks.

Automotive security – Interview with Jozef Szakál, Audi Hungaria

Reading Time: 9 minutes Today’s vehicles are equipped with software to make driving a safer and more enjoyable experience. But what about the cybersecurity risks? We asked an expert!

OWASP 2021

Reading Time: 10 minutes The new OWASP Top 10 list has been released to show us the new priorities of security risks that web applications face.

The main benefits of CTF competitions

Reading Time: 7 minutes Capture the Flag competitions are one of the best ways to equip your developers with the secure coding skills they need. Learn about the benefits of CTF events in our blog post!

Top Cybersecurity Threats in 2021

Reading Time: 9 minutes 2021 is coming to a close, and it’s time to take stock of the security lessons we’ve all learned this year. This way we can better understand and prepare for the security threats we’ll face next year.

The Media Markt attack: Dangers of ransomware

Reading Time: 8 minutes Ransomware attacks have been on the rise lately. Europe’s largest electronic supply store is the latest victim of this growing threat.

Why is Cloud Data Privacy Important?

Reading Time: 9 minutes The cloud data system has numerous advantages as well as many dangers. 80% of companies have had at least one data breach in the past months.

Why you need SOC2 compliance as a third party vendor

Reading Time: 8 minutes Companies understand the way you handle data security has a direct impact on their bottom lines. This has led to most companies requiring all vendors to have a special compliance certificate called an SOC2.

Secure coding training for ISO 27001 compliance – Avatao

Reading Time: 7 minutes ISO 27001 belongs to the set of security standards that explicitly requires the security training of all employees, including developers responsible for building the products and operating the business infrastructure.

Hacktivity 2021 – Our experiences

Reading Time: 8 minutes Our team attended Hacktivity, the biggest IT security conference in Central and Eastern Europe – a whole day full of interesting presentations and workshops. Click to see how we liked it!

Best practices to prevent a password breach

Reading Time: 8 minutes Most employee passwords fail to follow even the simplest anti-theft precautions, such as creating passwords with a minimum of 12 characters. In a recent study of 15.2 billion passwords, only 2.2 billion were found to be unique.

Are my coins safe? Cybersecurity in cryptocurrencies

Reading Time: 11 minutes Cryptocurrencies have been a popular trading asset in recent years. But what are the possible security risks that come with this technology?

Why cybersecurity is important for business

Reading Time: 7 minutes Cybersecurity is, by nature, a negative asset. As with any protective measure, one of the biggest challenges is to measure the value (or return on investment, ROI) of cybersecurity. It is even more difficult to get stakeholders – customers, users, and decision-makers – in the company to understand its value.

Security breaches then and now

Reading Time: 11 minutes The increasing threat of security breaches mostly has to do with the increasing amount of information being stored. Although individuals are responsible for most data creation, 80% of all data is stored by enterprises.

Coding vs secure coding: 6 rules to live by

Reading Time: 8 minutes Security breaches can impact any organisation. Insecure coding practices may result in increased security risk, and put businesses in jeopardy. Click to read our post about 6 secure coding rules to live by!

Teaching security: Interview with Cybrary’s Jonathan Meyers

Reading Time: 7 minutes What are the best ways to teach cybersecurity to teams and individuals? How can you motivate developers to improve their security skills? We asked Jonathan Meyers, Head of Cybersecurity at Cybrary.

Max out your developers’ potential with relevant security training

Reading Time: 7 minutes Even though security has started to become a growing concern, the immense pressure to ship applications on time means that instead of being an integral part of the development process, for most teams it’s still an afterthought.

How I got started with IT security – Gábor Pék, CTO at Avatao

Reading Time: 10 minutes How do you start learning IT security? What’s the difference between the offensive and the defensive way?
Our CTO, Gábor, shares how he got involved in the world of cybersecurity and gives you some useful tips.

Secure coding training for PCI DSS compliance

Reading Time: 8 minutes In payment transactions, security is critical, and any weakness does not only compromise the data, but can result in credit card fraud that causes huge losses for the stakeholders.

Most common software vulnerabilities during COVID-19

Reading Time: 8 minutes The pandemic has spread through the word, affecting almost every industry. We discuss the aspects of CODIV-19 on cybersecurity.

IT security in finance: Interview with FNZ’s Kevin Fielder

Reading Time: 9 minutes Banking information, login credentials, insurance numbers. A few of the data stored by many financial institutions. We asked an expert about the best practices to protect these information.

Sensitive data exposure – It’s in your hands

Reading Time: 9 minutes Exposing data, especially sensitive data, is a long-time-coming threat. Since personal information such as addresses, payment details, non-hashed passwords, config files, and so on are very popular targets among attackers, it’s obvious that sensitive information is supposed to be protected from unauthorized access.

Compliance training – Security awareness by design

Reading Time: 10 minutes Compliance standards are a valuable but mostly misunderstood part of the corporate culture. Like any other certificate, a compliance certificate demonstrates that the entity/business operates according to a commonly accepted standard and signals trust towards third parties. A successful compliance certificate eases regulatory processes, opens new markets, and in general speeds up revenue generation, which is the key metric for businesses.

Don’t just look for security issues, discover root causes!

Reading Time: 12 minutes Application security is one of the cornerstones of cybersecurity, and it is critical to defend a successful business operation. To strengthen cybersecurity defenses, businesses have to apply rigorous testing and remediate the issues that were found.

Python best practices and common issues

Reading Time: 10 minutes Python is a high-level, flexible programming language that offers some great features. To be as effective as possible, it is important to possess the knowledge to make the most out of coding with Python.

Where the money is: Financial cybersecurity

Reading Time: 8 minutes Money management moves towards complete automation, and the evolution of cybercrime follows along. The money heist has changed, we all know that. Cyberspace takes more and more of that cake, but the reason behind attacks remains the same: money, in any form.

Network compromised: Security Issues in Telecommunication

Reading Time: 8 minutes Telecommunications is everywhere. Hence, this area is more exposed to external threats than others. It is crucial to ensure a strong line of defense in this industry, so your entire organization has up-to-date protection and is aware of best practices.

Security Champions: Interview with Alexander Antukh, Glovo

Reading Time: 8 minutes Security champions represent an essential part of any security programs. They lead their teams on security projects, ensure internal security and help keeping security on the top of your mind. But how exactly they operate in a business? We asked Alexander Antukh, Director of Security at Glovo for professional insights.

How to turn your developers into security champions?

Reading Time: 10 minutes Security champions play a vital role in establishing and maintaining a security culture in an engineering organization. See how to turn your developers into security champions!

Why do you need a security champions program?

Reading Time: 8 minutes As the company grows the leadership wants to establish a security program to ensure the solid and undisrupted operation of the business. Security at this point is essential, especially when calculating the loss from a halted business, even for a few hours.

What’s next? – OWASP Top 10 2021

Reading Time: 11 minutes OWASP Top 10 Vulnerabilities in 2021 based on the non-official proposal of Ivan Wallarm. Here is what we know.

5 Steps your security program should include

Reading Time: 7 minutes For most companies, security is considered a side quest, which is partly related to the daily processes. In reality, security ought to be a strong foundation of any organization. To ensure the defense of the enterprise, the relevant teams need strong security knowledge and abilities.

5 Key Challenges Of Building a Security Training Program – Avatao

Reading Time: 8 minutes To build an enterprise security program, one has to go back to the well-known fundamentals of organizational change: People, Process, and Technology (originates from Harold Leavitt’s “Applied Organization Change in Industry”, 1964).

Getting started with Kotlin

Reading Time: 9 minutes If you are working on Java projects you might have heard about other languages that run on the JVM, like Clojure, Kotlin, or Scala. Programmers like to try new things out but is it worth it to pick one of them over Java?

Tutorial Framework: Containerizing Cybersecurity Knowledge

Reading Time: 10 minutes How can we make security education a whole lot more accessible and fun? The tutorial framework is the answer. In this article we dive into how to create interactive learning environments running inside containers.

Docker: Life Before and After

Reading Time: 12 minutes Containers have been around for over a decade. Yet before Docker’s explosive success beginning in 2013 they were not wide-spread or well-known. Long gone are the days of chroot, containers are all the rage, and with them, we have a whole new set of development and security challenges.

Security training: Invest in your Developers

Reading Time: 8 minutes What are the key benefits of practical security training for developers? Here are some tips on how you can build a case for a developer security program.

Back to school – Cybersecurity is missing from college campuses

Reading Time: 6 minutes Not a single day goes by without a devastating security breach affecting someone, somewhere. In the first six months of 2019 alone, over 4 billion records around the globe have been exposed due to easily preventable data leaks.

XSS Case Study

Reading Time: 7 minutes Explore the key elements of this Cross-Site Scripting vulnerability in the Google search engine.

A quantitative approach to Data Protection Impact Assessment

Reading Time: 7 minutes Ever-increasing amounts of information are produced, stored, processed, and transferred enabling products and services across all industries. A substantial amount of this information relates to an identified or identifiable natural person i.e., its personal data. The processing of personal data can, unfortunately, also summon risks to individuals’ rights and freedoms, sometimes materializing in real harm.

How to avoid issues with DNS security and privacy

Reading Time: 8 minutes Even if you use HTTPS, your browsing habits can still be tracked by observing your DNS queries. Besides the lack of confidentiality, plain old DNS doesn’t provide data integrity and authenticity either. This article discusses DNS security and privacy and points out the problems that can arise from lacking in these attributes and gives some tips on how to remedy them.

Keep your cloud environment secure

Try for free

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cloud security

Latest posts

Keep your cloud environment secure

Follow us

Secure coding training

Resources

Company

About