The EQUIFAX USA event of 2017 put into the spotlight an under-considered aspect of software security: it’s not just our own code that we need to secure. The facts of the case are widely known, but its cause? Not so much. Little is said about the fact that this leak would not have taken place if the developers of the EQUIFAX application had upgraded their Apache Struts web framework to a more secure version.
GDPR Compliance: How Continuous Vulnerability Scanning is Key
Even months after interest in GDPR compliance peaked, some companies are struggling to make sure they comply with this new set of regulations aimed at protecting the privacy and security of European citizens. The regulation applies to businesses anywhere as long as their users are in the EU, and with the highest penalties potentially reaching the millions of euros, they’re right to worry.
These are the 10 web vulnerabilities most frequently found by Hackmetrix
After running thousands of scans on Hackmetrix, we can finally say we officially know the 10 most common vulnerabilities found across every site we scanned.
Hackmetrix recognized as a valuable scanning tool by the CSIRT
As we keep working to build the easiest-to-use, most dev-friendly security scanner on the market, every so often we come across things that make us proud not only of the product we are developing, but also of how it is recognized by others.
Should you care about XSS in Vue.js?
Let’s get the obvious part of this article out of the way first: if you don’t sanitize your data you’ll always be vulnerable to cross-site scripting (XSS) attacks, no matter what framework you use.
10 Security Tips to Protect your Business
Most CTOs today have a software engineering background but have only limited knowledge about securing applications at scale.
How we check your security status
What do we do?
If you are reading this, you’ve probably already heard about us, and in this post I do not want to talk about “who we are”; instead I’d like to talk about how we check the security status of your company from the outside with almost no information other than your domain name.
November: New launch and what we’ve been up to
We have entered the final stretch and we want to provide everyone in our community with an update on our progress and upcoming plans. Back in July we outlined a set of initiatives and have made significant progress on them since.
How to whitelist IPs on AWS, DigitalOcean, and Cloudflare
One of the first things that we ask from our users after they create their Hackmetrix account is to whitelist our IP addresses in their firewall rules.
Big Oops: Google+ to shut down after leaving up to 500,000 users exposed
- A bug in the Google+ API left data like name, email address and gender of up to 500,000 users exposed
- Google patched the issue earlier this year and didn’t find any evidence of the data being misused
- This is the final nail in the coffin for Google+, which will be shut down by the end of 2019
In the past couple of years we’ve seen a few giants either fall under scrutiny for how they’ve handled their users’ personal information (ahem, Facebook!), or straight up have their user data held for ransom, as was the case with Uber.