Can we trust anyone??? 100%? No.
I lost my bees last year... don't lose your data.
One of the things I do is help companies hire security folks. From CISOs to Security Analysts and Engineers.
Some are more advanced / comprehensive than others so keep that in mind.
Sometimes we spend all this time securing our infrastructure, workloads, and systems, but we forget the simple things. One of those things is Domain Name hijacking.
Words such as “white-list” or “black-list” have an impact on others and we’ve become desensitized to it.
I was looking at my garage today and it really reminded me of tech debt. The garage was functional, but not efficient.
Chrome extensions allow external applications access to your user’s browsing data and you may want to consider/review how you inventory and manage chrome extensions.
On one platform when I went to go reserve my name "cloudsecuritylabs" it said that it was taken. Well, I found that interesting, but not surprising.
As usual a variety of topics have come up throughout the week in conversations and servicing clients.
So where does one start in application security? I recommend starting with the OWASP top 10 list. There you will find 10 categories of vulnerabilities that most web applications suffer from.
We discussed the controversial topic of whether companies should phish their employees or not.