Yesterday, the Swetugg conference in Stockholm, Sweden, gathered hundreds of developers for a full day of talks and best practices. Detectify’s software engineer Martina Janevska was one of this year’s speakers. Martina used her own 2-year-old code to demonstrate how much she has learnt about security since she started to work at Detectify – with her new security skillset, she actually hacked her old code to find out how vulnerable it was at the time she built it.
Participating in Google’s bug bounty program at age 14 sparked my interest in web security. I have now, at 17, been employed by IT security startup Detectify for two years and written IT security-related columns for leading media houses in IT and tech. Here are 5 ways that I believe we can get more young people into web security.
Once upon a time, an IT department’s primary job was to make sure the printer was working and ensure employees could log in to their computers. Most work was simple; that is no longer the case today. Read this article by our guest blogger Faith MacAnas to find out what your IT department needs to be doing to keep up.
Online retail has been around since the early days of the internet and has grown dramatically over the last two decades. To find out whether e-commerce retailers are aware of security risks, we have looked into the HTTPS configurations of 915 Swedish online stores. The results show that it is high time for e-commerce to catch up with security best practices.
Many are most likely already familiar with CDNs, Content Delivery Networks, but in short, a CDN is a service where a site owner can place all static content, such as images or scripts. The following article will go over how to configure a web site to minimize the potential damage if a CDN is hacked.
As soon as WordPress launch a new version they publish a changelog on their website where you can find what has been changed, including all security vulnerabilities that have been patched. Disabling the WordPress auto-update feature can open up your website to attackers that first check the changelog and then look for sites that haven’t been updated.
A phishing email that supposedly comes from Telia, a mobile network operator, has recently been doing the rounds in Sweden. The recipients were asked to click on a link in the email to access their monthly mobile bill. There is a lot of money to be gained from phishing attempts, which is why the number of suspicious emails in circulation keeps growing and the attacks range from mass send-outs to sophisticated CEO fraud. In this blog post, we explain how to identify phishing attempts in your inbox and stay safe.
Web security in 2016 is very different from what it was like in 2006, 1996 or even further back. As technology evolves and leaps forward, unfortunately, so do vulnerabilities. Prevention strategies that were sufficient ten years ago might not hold up well in the face of fast-paced progress. Our society is becoming increasingly networked, which broadens the scope of potential exploits. All this warrants a new perspective on security based on an understanding of how the field has changed and how to respond to new challenges. In this article, we explain how web security has evolved and share best practices that are key to staying safe online.