There is a set of best practices that can be used to build security into applications that use databases to send, retrieve, and store data, including appropriate input validation and the use of prepared statements. You...

While Cloud applications are vulnerable to many of the traditional threats described by OWASP and the CWE dictionary, there are also unique threats that development teams must understand in order to properly mitigate risk...

The OWASP Top 10 groups common web application vulnerabilities into broad categories, helping to focus teams on key web application security activities. On the surface, this makes sense. I teach a Web Application Security...

The Internet of Things (IoT) is growing at such a fast rate that it can feel out of control. Almost 23 billion devices will be connected by 2021, tripled from 2016. With such explosive growth, where everything from...

If you didn’t know about malware, you certainly do now. Ransomware, a form of malware – or malicious software – is a trojan virus designed to block access to a computer system and theoretically hold it hostage until a sum...

On Thursday, President Trump signed an executive order (EO) that instructs federal agencies to use cybersecurity best practices to further secure their IT systems. I applaud the acknowledgement that the US government “has...

I recently had the pleasure of attending and presenting at the Ponemon Institute’s Responsible Information Management (RIM) Renaissance Event, an annual invitational event that brings together a great mix of esteemed...

PCI DSS requires that organizations build and maintain a secure network, including the secure configuration of firewalls and routers. By leveraging network security controls, organizations can prevent criminals from...

Security Innovation has built a fun and engaging vulnerability hunting training ground we call CMD+CTRL. We’ve designed 5 separate vulnerable websites and an insecure Android mobile app of differing levels of difficulty...

When it comes to personal security best practices, there are some pieces of advice that are universally good ideas: