Injection Attacks – What are they?

In the third entry of this ten-part blog series, we will take a brief look at A03:2021: Injection. As its high placement on the OWASP Top Ten list indicates, web applications are often found to be vulnerable to Injection attacks through multiple vectors. Injection attacks can occur if an application sends untrusted data to an […]

Cryptographic Failures – What is it?

In the second entry of this ten-part blog series, we will be taking a look at A02:2021: Cryptographic Failures. This, the second entry in OWASP’s Top Ten list, is described as a broad symptom rather than a root cause of vulnerability, and specifically points at failures that occur owing to a lack of […]

OWASP Top Ten Web Application Risks

The team here at CyberWhite are going to put together a ten-part blog series on the globally recognised OWASP Top Ten list for web application security risks. This list is ordered in terms of prevalence, exploitability, detectability, and impact. To begin this blog series, we will start by looking at A01:2021-Broken Access Control, moving up […]

How ISO27001 2022 protects against data breaches

ISO 27001 is the international standard for information security. As new threats continue to emerge and existing ones evolve, meeting ISO 27001 standards becomes increasingly relevant for businesses in all sectors. It is designed to provide a framework for implementing an effective information security management system (ISMS). This helps protect against online threats, most […]

Differences between threat hunting and threat detection

When it comes to dealing with cyber security threats, there are many strategies that can be employed and approaches that can be taken. Two of the most widely recognised today are threat hunting and threat detection. It might seem like these practices go hand in hand; however, there are some important distinctions that set them […]

Who needs to be SOC2 compliant?

SOC2 is an important topic in the current security landscape, with many businesses making the decision to become SOC2 compliant. This can be very beneficial to businesses in various industries that provide services and systems to clients. In this article, we’ll be detailing what it means to be compliant and who should consider SOC2 for […]

What’s the difference between a security breach and a data breach?

The terms security breach and data breach are often used interchangeably, and whilst they both will typically occur in the same incident, they don’t always, and they have specific meanings. It is beneficial to have a good understanding of what each type of breach means, so your business can respond effectively if/when either a security […]

What is a Yubico security key?

As a business, effectively managing your passwords, access to sensitive information, and overall online security is essential. When it comes to securing accounts, two-factor authentication has become a widely used method of maintaining a high level of protection. Two-factor authentication often uses methods like texting a code to a phone number as identity confirmation. But […]

Remote Working Security Risks and Tips

Working remotely has become a popular model for many businesses since the coronavirus pandemic. Fully remote or hybrid working can be a useful way to save money and boost productivity. However, the reliance on our devices and technology when working from home can come with inherent risks and vulnerabilities businesses should be aware of. In […]
