Improve your web application scanner by understanding the attack surface
Understanding the attack surface of the web application is a very important step while conducting cybersecurity research or penetration testing. Even if you are running a web application scanner as part of DAST activities, knowing the attack surface will help you cover more functionality of […]
Cybersecurity research and web application penetration testing in one
Performing web application penetration testing is a very good approach to improve the web application security. The most common type of web application penetration testing is a black box model, where the team conducting the test knows very little about the target web application. This makes […]
Securing a web application already in production can seem daunting for organizations. However, it’s still possible to apply security measures while it’s in the critical production phase of the software development process, just before it is launched. Ideally, organizations should secure an application from the beginning and throughout each stage of the Secure Software Development […]
Introduction
According to this paper, 65% of web applications suffer from cross-site scripting vulnerabilities. In this article I am going to explain the Stored Cross-Site Scripting (XSS) vulnerability I found in an open-source project. The main causes of stored cross-site scripting (stored XSS) vulnerabilities in web applications are neglecting to implement security measures at the […]
Preparing for a security breach is critical for your startup, especially since detection and response tools are not always sufficient to identify who intruded into your systems and how it happened. Sometimes, threat actors can move laterally throughout your systems for several months or even years while remaining undetected. To avoid this, your startup can utilize canary […]
Containerization mitigates cybersecurity risks at your startup, like attacks and vulnerabilities, that remain even after implementing several security measures. For example, it limits the impact of command injection and post-exploitation attacks, such as privilege escalation or persistence. It also allows any software to run in a restrictive sandboxed environment, which isolates and executes untested or […]
Recruiting good hackers who can test your startup’s technologies for hidden vulnerabilities is essential to ensure your startup has a solid security posture, because implementing multiple security measures is not enough. These “good hackers”, also known as ethical hackers, emulate a malicious actor’s adversarial behaviors and search for weaknesses or vulnerabilities in your […]
Centralizing logs at your startup with a log management tool makes it effortless to discover events that lead to security incidents. It also makes it easy to keep track of numerous logs and quickly parse through them across multiple servers, systems, applications, and the cloud. Logs or log files, also known as event logs, audit […]
Data backups are indispensable to a startup’s business continuity, disaster recovery, and incident response plans, protecting it during disasters (e.g., fire and hurricane), human errors, and attacks such as ransomware. It is critical for startups to secure their data and ensure that sensitive data does not become lost by following best practices for data […]
Patching security vulnerabilities in software and releasing software updates routinely can be challenging, but they are imperative to maintain cybersecurity for startups. Security patches fix coding mistakes or errors that can make software vulnerable to exploitation by malicious actors. Patching vulnerabilities found in software, operating systems, and embedded systems will enhance a startup’s security posture. […]