That cybercrime is a serious threat, and is becoming more and more costly and dangerous for companies, is widely known by now. Most companies know that cybersecurity is an issue; however, cybercrime’s annual revenue still exceeds the investments in cybersecurity.
During the deployment of our frontend to CloudFront we encountered the problem of not being able to configure the HTTP Security Headers, which is an essential configuration for reducing the attack surface of web applications. We resolved this issue using Amazon’s new Lambda@Edge functions to attach the headers before the response is sent to the clients.
To increase SSL/TLS encryption security on the internet, website administrators can set Certificate Authority Authorization (CAA) records. These DNS records determine which certificate authority (CA) is allowed to issue certificates for the domain. Since September 8th, it is mandatory for CAs to check for the existence of a CAA record and comply with its content.
Digitalisation in Germany has become a trend. The coalition contract of the newly formed German government has a whole chapter on the topic, and digitalisation was mentioned in every speaker headline at “Digitaler Staat 2018”, a two-day conference, which some call the public sector’s CeBIT, that I attended earlier this month. Now that everyone is talking about the topic, let’s do a quick reality check of what has happened in Germany.
The sheer range of solutions for web application security can be intimidating for CISOs, development managers or basically anyone dealing with vulnerable web applications.
According to the 2018 Global Risk Report, released this year by the World Economic Forum, cyberattacks are amongst the top 5 risks for global stability in terms of likelihood and impact. A data breach caused by a cyberattack can indeed have an incredible impact on any country, corporation or business owner.
Politicians seem to enjoy the new ways of communication available to them through the internet. Communication is no longer a one-way street from politicians to the public but more of a town hall meeting where everyone is invited to share their opinion. Of course, this is mostly good, but this virtual proximity doesn’t come without downside risk.
At Crashtest Security, we provision our infrastructure using Terraform. Therefore we can recreate whole Kubernetes clusters within minutes. We also use our Terraform setup to integrate some external tools, such as Vault, within our cluster.
The world of IT security can be confusing, with all the different vulnerabilities, exploits and newly emerging trends. In this article, we summarise and briefly explain the top 6 most important web vulnerabilities that managers need to be aware of and tackle constantly.