What is network testing?

Many businesses test their network to make sure it's functioning properly and providing the right level of service for users. Testing therefore serves to guarantee working efficiency for internal processes and, where products and services are sold online, to ensure a smooth customer experience. However, network testing is also important for business cyber security. In […]


How to conduct a self-assessment for Cyber Essentials

Cyber Essentials is a government-backed scheme designed to support the development of all UK businesses. Nevertheless, there are various requirements for organisations to meet the level of cyber security outlined by Cyber Essentials. Business leaders must then prove that they have taken steps to improve their cyber security infrastructure by submitting an official self-assessment. In […]


Injection – What is it?

In the third entry of this ten-part blog series, we will take a brief look at A03:2021: Injection. According to its high placement on the OWASP Top Ten list, web applications are often found to be vulnerable to Injection attacks through multiple vectors. Injection attacks can occur if an application sends untrusted data to an […]


Cryptographic Failures – What is it?

In the second entry of this ten-part blog series, we will be taking a look at A02:2021: Cryptographic Failures. This, the second entry in OWASP's Top Ten list, is described as a broad symptom rather than a root cause of vulnerability, and specifically points at failures that occur owing to a lack of […]


OWASP Top Ten Web Application Risks

The team here at CyberWhite are going to put together a ten-part blog series on the globally recognised OWASP Top Ten list for web application security risks. This list is ordered in terms of prevalence, exploitability, detectability, and impact. To begin this blog series, we will start by looking at A01:2021-Broken Access Control, moving up […]


How ISO27001 2022 protects against data breaches

ISO 27001 is the international standard for information security. As new threats continue to emerge and existing ones evolve, meeting ISO 27001 standards becomes increasingly relevant for businesses in all sectors. It is designed to provide a framework for implementing an effective information security management system (ISMS). This helps protect against online threats, most […]


Differences between threat hunting and threat detection

When it comes to dealing with cyber security threats, there are many strategies that can be employed and approaches that can be taken. Two of the most widely recognised today are threat hunting and threat detection. It might seem like these practices come hand in hand; however, there are some important distinctions that set them […]


Who needs to be SOC2 compliant?

SOC2 is an important topic in the current security landscape, with many businesses making the decision to become SOC2 compliant. This can be very beneficial to businesses in various industries that provide services and systems to clients. In this article, we’ll be detailing what it means to be compliant and who should consider SOC2 for […]


What’s the difference between a security breach and a data breach?

The terms security breach and data breach are often used interchangeably, and whilst both will typically occur in the same incident, they don't always, and they have specific meanings. It is beneficial to have a good understanding of what each type of breach means, so your business can respond effectively if/when either a security […]
