Security needs to be the number one priority for start-ups. Amazon CTO Werner Vogels stated at the Munich founder conference Bits & Pretzels why it is so important: “Without security, you have no business”.
The number of serious vulnerabilities per web application is rising each year. Often developers also have to tackle vulnerabilities that they’ve never seen before. These zero-day attacks are why development teams need to proactively search for vulnerabilities within their web application before releasing new features to the public.
Last week, I met a start-up that is working on cloud software. Within their team, they have no one with a tech background. The development of their software relies completely on two agencies.
A new attack on the WPA2 protocol, which is used to encrypt Wi-Fi connections, was published just recently. The attack is something that has been around for over a decade!
Overall, you and I are painfully aware of cybersecurity threats; however, the business implications are sometimes blurry. That’s why I’d like to address the impact of the Spectre and Meltdown attacks in a bit more detail from the business point of view.
Enforcing security policies on web applications these days is ‘relatively easy’ by using the correct headers in HTTP responses. Take the following example of an application.
The standard for encrypting web traffic just got a new famous vulnerability. In fact, the vulnerability is nothing really new, just something from 1998 that reappeared. Cryptographer Daniel Bleichenbacher found the original vulnerability. Therefore the new version is called “Return of Bleichenbacher’s Padding Oracle” (ROBOT).
As managing directors of an IT security company, we had to be present at the 34th Chaos Communication Congress to grasp new developments in the security sphere (and have some fun as well).
Over the last few days, there were multiple announcements about the Chrome browser and its new features, from an integrated ad-blocker to trust warnings on websites with no HTTPS encryption. But what is all the fuss really about?
The times when hacking attacks were unusual and only happened to big companies are over. Hacking private and small or medium-sized companies has become lucrative for many people with sufficient IT knowledge. That is why hacking is an issue facing almost everybody in the modern world. Often companies recognize the problem when it’s already too late, and valuable data (or even money) is lost. I want to show you how you can detect that your website has been hacked and what you can do to prevent such vulnerabilities.