Word of the Week
“Cyber Security Macro Themes for the 2020s”
There will be six major themes that differentiate great security programs, products, features and processes. These are different from overall risk and control trends; rather, they are about the way controls are developed and deployed, and together they represent a single theme: folding cybersecurity into systems delivery. The control trends all center on continuity: continuous access assurance and least privilege, continuous software assurance and developer-centric tooling, continuous and adaptive micro-segmentation / meshing, continuous control-conformance monitoring, continuous anomaly detection, and relentless processes that adapt control frameworks to threat intelligence (macro and micro). But it is becoming more important to consider how we deploy these, rather than simply deploying them and walking away.

AND

“WAAP in WAF clothing”
Magic Quadrant for Web Application Firewalls
The WAF market remains dynamic, with many providers claiming strong double-digit growth. Gartner observed a short slowdown during the early days of the pandemic, followed by a quick return to normal, with 20% growth in end-user WAF inquiries in the first half of 2020.

WAF appliance is the silent majority: Most Gartner client inquiries involve selecting a WAAP product. However, Gartner estimates that most existing WAF deployments are physical or virtual appliances. This is especially true outside North America and among more traditional web applications, even when they are deployed on IaaS. What is changing is that, despite the existing market share, most providers now prioritize the development of their WAAP products. When planning their roadmaps, providers favour features that can be delivered in both deployment form factors.

WAAP is the primary solution for new applications: Gartner has observed the growing importance of WAAP architecture.
There is a split between WAAP over IaaS infrastructure (“cloud-rented”), which sometimes looks like a forklift of WAF appliance products, and distributed WAAP built on proprietary infrastructure (“cloud-owned”). The latter architecture style tends to move faster when adding new features and can leverage large-scale data to feed its learning algorithms. The single-site (or regional) approach often comes with centralized management that extends beyond WAAP, and customers with hybrid WAF deployments often favour it. Customers with a larger number of cloud-hosted web applications and APIs to protect tend to favour distributed WAAP, which more often comes bundled with a CDN and favourable DDoS protection add-ons.

Word of the Week Special
“Eradicating Vulnerability Classes”
How? By shelving SAST and embracing secure defaults and invariants.

Bird tracked without consent 😊

Crypto challenge of the week
Wonderland: fall down the rabbit hole and enter wonderland.

Hack this repository: the EkoParty 2020 GitHub CTF challenges

Dates
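Returning to the “Eradicating Vulnerability Classes” item above: a scanner finds instances of a bug class one call site at a time, while an API whose invariant makes the bug unrepresentable removes the class for every future call site. The following is an added example written for this page, not code from the original post or from the authors of the linked talk. The `users` table, its rows, the `Query` and `SafeConn` names and the injection payload are all constructed for illustration; the only real dependency is Python's standard-library `sqlite3`, so the two paths actually execute against a database.

```python
import sqlite3
from dataclasses import dataclass
from typing import Any, Tuple

# Constructed sample data for this example (not from the original post).
USERS = [("alice", "admin"), ("bob", "user"), ("carol", "user")]


def fresh_db() -> sqlite3.Connection:
    """In-memory SQLite database seeded with the constructed rows above."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """The whole SQL-injection class is one habit: splicing untrusted input
    into query text. SAST can flag this call site; it cannot stop the next one."""
    sql = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


@dataclass(frozen=True)
class Query:
    """Invariant: `text` is a developer-written template; anything untrusted
    can only travel in `params`, where the driver binds it as data, never as SQL."""
    text: str
    params: Tuple[Any, ...] = ()

    def bind(self, *values: Any) -> "Query":
        return Query(self.text, self.params + values)


class SafeConn:
    """Secure default: the only way to run SQL is via a Query object.
    A raw str is rejected before it ever reaches the driver."""

    def __init__(self, conn: sqlite3.Connection) -> None:
        self._conn = conn

    def execute(self, query: Query) -> list:
        if not isinstance(query, Query):
            raise TypeError("execute() takes a Query; raw SQL strings are not accepted")
        return self._conn.execute(query.text, query.params).fetchall()


# Templates live here as module-level constants: the only lines that
# need an injection review, instead of every call site in the code base.
FIND_USER = Query("SELECT name, role FROM users WHERE name = ?")


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    return SafeConn(conn).execute(FIND_USER.bind(name))


def demo(payload: str = "' OR '1'='1") -> Tuple[int, int, bool]:
    """Returns (rows leaked by the vulnerable path, rows returned by the safe
    path for the same payload, whether SafeConn rejected a raw-string query)."""
    conn = fresh_db()
    leaked = len(lookup_vulnerable(conn, payload))   # tautology dumps every row
    safe = len(lookup_safe(conn, payload))           # payload compared as a literal name
    try:
        SafeConn(conn).execute(f"SELECT name FROM users WHERE name = '{payload}'")  # type: ignore[arg-type]
        rejected = False
    except TypeError:
        rejected = True
    return leaked, safe, rejected


if __name__ == "__main__":
    print(demo())  # (3, 0, True)
```

The caveat a practitioner will spot: Python cannot stop a developer from writing `Query(f"... {name}")`, so the invariant is not fully compiler-enforced here (languages with compile-time-constant string types can close that gap). What it does do is shrink the audit surface from every call site to a handful of constant templates, and it turns the dangerous shape (a `str` reaching `execute`) into a hard error by default rather than something a scanner has to notice after the fact.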
Rumour vs reality
Old one to make you giggle (again)
Massive US Voters and Consumers Databases Circulate Among Hackers
Book of the month
Code of Practice: Cyber Security and Safety
This Code of Practice is written for engineers and engineering management to support their understanding of the issues involved in ensuring that an organization's safety responsibilities are addressed in the presence of a threat of cyber attack. “If it’s not secure, you can’t be confident it’s safe.”

Comic of the week
Some OWASP stuff first