Today, we’re looking at six steps you can take to ensure the safety and security of your web applications – and the sensitive data they contain.
Topics: Security Management, Software Development, Implementing Security
Many organisations treat PCI compliance as an expensive, stressful and time-consuming annual event. In the scramble to achieve compliance, you can feel like you’re paying out left and right for whatever is needed to get through the assessment.
Today I’m looking at what organisations can do to reduce the costs associated with achieving PCI compliance.
Topics: Security Management, Security Strategy
Posted by Marc Dunlop on Sep 12, 2016
Application security is vital for minimising the risk of attacks crippling your organisation, but there’s a hidden benefit of exceptional application security that often gets less attention.
That’s the ability to differentiate your organisation from its competitors.
There are a large number of ways that application security can be used to differentiate you from your competitors, and in today’s post I share a few examples.
There are lots of guides on the web that’ll help you to write better code. I could find hundreds of tips that’ll help you to write great code in an hour. Code that gets the job done, is easily maintained and proves hard to exploit… All in less than O(2n).
But who wants that?
In today’s post I share a ten-step guide to writing truly awful code.
Topics: Software Development
It seems every week we hear about another large organisation that has lost confidential customer data.
But why do these breaches keep happening? There are a number of key reasons, and in today’s post I share 5.
Topics: Security Management, Software Development
Your organisation’s employees are using social media.
They’re using it at home.
They’re using it on the way to work.
They’re using it when they’re in the office (whether you’ve allowed them to or not).
This means that your organisation needs to think very carefully about the risk social media poses to its security.
In today’s post I explain a few techniques for reducing that risk to your organisation.
Topics: Security Awareness
To ensure organisation-wide security, it’s essential that applications are developed with security built-in from the very beginning.
Application threat modeling makes it possible to systematically analyse the security of an application – identifying potential threats, ranking their risk and enacting countermeasures to resolve them.
To help you incorporate this best practice into your application development, we’ve taken a simple 3-step look at how to do it.
Topics: Security Management, Software Development
You can invest all the time and money in the world ensuring that your internal systems are safe and secure, but with more and more third-party vendors being used each year, it’s all for nothing if they’re not secure too.
Companies are now purchasing cloud software ranging from enterprise storage to HR management, driving the importance of secure software vendors home.
It raises an important question though: how do we identify secure software vendors?
In today’s post I highlight some of the things you should look out for when attempting to identify secure software vendors.
Topics: Implementing Security
Do you log in to your business email account on your personal mobile? Do work on a personal laptop? Access company software from your tablet?
If you’re like most organisation employees, the answer is a resounding yes, and you’re a part of the BYOD (bring your own device) movement.
Topics: Security Awareness, Security Strategy
Hashing and encrypting are two words that are often used interchangeably, but incorrectly so.
Do you understand the difference between the two, and the situations in which you should use one over the other? In today’s post I investigate the key differences between hashing and encrypting, and when each one is appropriate.
Topics: Implementing Security
© Copyright 2014 Security Innovation Europe Ltd. All rights reserved. A company registered in England & Wales. Registration number: 8321696.