Security Penetration Testing Blog

What to Consider When Choosing A Cybersecurity Tech Stack
Nov 25, 2020 / René Milzarek

The evolving nature of cyber attacks calls for an overhauled approach to defence and deterrence. Choosing the right cybersecurity tech stack helps you protect against external threats while ensuring you adopt only the tools and platforms relevant to your application and related workflows. As with any other form of technology, cybersecurity requires a combination of security practices (the approach) and software tools (the tech stack).

An Overview of Security Testing Tools in DevOps
Oct 27, 2020 / Felix Brombacher

Security testing tools blend strategically into a DevOps workflow, essentially forming a DevSecOps model while improving production efficiency and minimising software development costs. Such tools allow you to include testing and remediation of potential vulnerabilities throughout the Software Development Lifecycle (SDLC) as well as in the post-delivery Run & Maintain phases. Enabling a DevSecOps model ensures developers adopt a secure development and delivery cycle without slowing productivity or relegating ‘security’ to the bottom of the SDLC.

5 Ways to Screw Up Your Website Security
Oct 22, 2020 / Felix Brombacher

This was a lot of fun. Ask a DevSecOps engineer, “how do I screw up my website security?” and you'd better take a seat, because the answer will take a while. In short, there are lots of ways your security can go wrong. Some mistakes are more critical than others, and while many of the pitfalls are widely known, nothing stays still – new vulnerabilities are discovered each day.

How to exploit a Microservice Architecture
Sep 10, 2020 / Felix Brombacher

DevOps eliminates organizational silos by enabling efficient collaboration, streamlining workflow integration, and automating application delivery. Microservice Architecture acts as an essential enabler of a DevOps model by distributing an application into multiple deployable services. Microservices work as autonomous applications, decoupled from each other, and can be built, scaled, and deployed independently. This lets teams comprehend the application architecture easily and speed up delivery pipelines.

Open Source Under Attack
Aug 26, 2020 / René Milzarek

Sonatype's annual research report, “2020 State of the software supply chain”, uncovers lots of great insights into the open-source world. Open source is such a huge part of modern development that the headline stat, a 430% year-on-year increase in attacks targeting open-source projects, should be a wake-up call for all developers.

Microservice Security – What you need to know
Aug 11, 2020 / Felix Brombacher

A microservice architecture, often referred to simply as microservices, is a set of grouped services that together implement an application. Lately, development teams have preferred microservices, as they facilitate continuous delivery for large applications, adapt easily to the organisation’s needs as its technology evolves, and scale up with minimal effort.

The Importance of Web Application Security During COVID
Aug 07, 2020 / Felix Brombacher

The challenge for many companies is to change to a remote work setup on short notice and with limited preparation. What is more, critical internal systems are connected to more publicly available endpoints these days. There are some short-term actions companies can take now, and some longer-term ones to stay secure in the long term.

Manual & Automated – A Comprehensive Pentesting Strategy
/ Felix Brombacher

A proven method of increasing security is to simulate the attack on yourself and fix vulnerabilities before someone else finds them. Traditionally this has been done manually through a penetration tester (a “pentester”) or ethical hacker, someone who specializes in all the techniques used by attackers. A skilled pentester will work through an exhaustive list of vulnerabilities and attempt to find exploits in every area of a web application. It is a time-consuming process but necessary for any business that takes security seriously.

Why Should Cybersecurity Care About DevOps?
Aug 02, 2020 / Felix Brombacher

As a modern cybersecurity professional at a corporation, you may get many headaches when working together with the people responsible for developing applications, the DevOps team (and vice versa). This article tries to explain why this is the case and how to structure good communication for fruitful cooperation within the company. Plus, it outlines two concrete strategies for continuously creating more secure applications: security champions and tool integration.

What Is DevOps? (The Non-Technical FAQ)
Jul 31, 2020 / René Milzarek

This FAQ will answer your most burning questions about DevOps.