Compliance Archives

In Compliance

Building Security into Cloud Native Apps with NGINX

July 10, 2020 7 Mins Read

Industries from hospitality to taxis/transportation and food delivery are being disrupted by new age companies like Airbnb, Uber and DoorDash that have a cloud-based software infrastructure as one of their main enablers. Why do all these new companies use cloud and what advantage does it give them? Unlike legacy competitors, innovators with new infrastructure can: Quickly scale and grow their customer base Support their business in different geographies and ensure availability Ensure convenience, with users…

In Compliance

How To Protect Your Kubernetes Cluster with Wallarm – part 1 of 3

July 1, 2020 6 Mins Read

Kubernetes clusters enable an organization to easily take advantage of containerization. While this is a huge asset, it also creates security issues. Many organizations lack visibility into the applications within their Kubernetes cluster and their attack surface. Within a Kubernetes cluster, an organization can be running websites, microservices, and APIs. The problem with these applications is that they are very likely to contain exploitable vulnerabilities. In fact, the average web application contains 22 vulnerabilities, 4…

In Compliance

SOC 2 Compliance During Covid-19 Times

June 17, 2020 2 Mins Read

A lot of IT Security Officers responsible for driving the SOC 2 certification in their companies are probably wondering how the switch to mostly remote workspaces will affect their SOC 2 landscape. I would say that there are two types of companies affected (or not affected) by the coronavirus: Companies that initially not relied on the security of individual workstations, and heavily used the office network infrastructure to provide necessary vichto and protection for sensitive…

In Compliance

Security Challenges in FinTech – Discussion with Vandana Verma, OWASP

June 4, 2020 8 Mins Read

In the digital era, financial institutions serve an increasing number of customers through web and mobile applications. Fintech maintains online security, and OWASP offers pieces of the puzzle to address the challenges. We CAN solve these challenges by leveraging the OWASP community knowledge base to secure the financial sector. On May 21st, 2020, I had the honor to dive into these challenges from multiple perspectives with my two guests, Vandana Verma and Victor Gartvich. We…

In Compliance

Why You Need to Use Rules in Your Yii2 Framework Models

June 3, 2020 4 Mins Read

In the previous article, we described the vulnerability discovered in the Yii2 Framework 2.0.35. In this piece, you’ll find out how to prevent it. It’s a highly recommended read, especially for web developers who want to quickly check the rule settings and fix a detected vulnerability. Yii is an object-oriented component framework that implements the MVC design pattern (learn more on Wiki). We used Yii2 Framework 2.0.35 as a demo configuration.How a seemingly…

In Compliance

Tips for Securing Online Payments

October 25, 2019 13 Mins Read

Understand how e-commerce transactions work, what a payment gateway is, and how to keep your online payments secure. Online businesses mean even more reliance of customer trust, which means higher security.