Category

Compliance

A lot of IT Security Officers responsible for driving the SOC 2 certification in their companies are probably wondering how the switch to mostly remote workspaces will affect their SOC 2 landscape. I would say that there are two types of companies affected (or not affected) by the coronavirus: companies that initially did not rely on the security of individual workstations, and heavily used the office network infrastructure to provide the necessary vichto and protection for sensitive…

In the digital era, financial institutions serve an increasing number of customers through web and mobile applications. Fintech maintains online security, and OWASP offers pieces of the puzzle to address the challenges. We CAN solve these challenges by leveraging the OWASP community knowledge base to secure the financial sector. On May 21st, 2020, I had the honor to dive into these challenges from multiple perspectives with my two guests, Vandana Verma and Victor Gartvich. We…

In the previous article, we described the vulnerability discovered in the Yii2 Framework 2.0.35. In this piece, you’ll find out how to prevent it. It’s a highly recommended read, especially for web developers who want to quickly check the rule settings and fix a detected vulnerability. Yii is an object-oriented component framework that implements the MVC design pattern (learn more on Wiki). We used Yii2 Framework 2.0.35 as a demo configuration. How a seemingly…