Rethinking Enterprise Security with BeyondCorp and Identity-Aware Proxy

The traditional castle-and-moat approach to enterprise network security is crumbling in the face of cloud computing, mobile devices, and remote work. Perimeter-based security models that inherently trust internal networks and distrust external ones break down when the boundary between inside and outside blurs. Users need to access applications and data from anywhere, while applications need…

Cross Site Request Forgery – What is a CSRF Attack and How to Prevent It

As a full-stack developer and professional coder, securing web applications against various attacks is a critical responsibility. One particularly sneaky and dangerous attack that every developer should be aware of is Cross Site Request Forgery, commonly known as CSRF or XSRF. In this comprehensive guide, we‘ll dive deep into the intricacies of CSRF attacks, explore…

SQL Injection and XSS Attacks: A Developer‘s Guide to Securing User Input

As web developers, we have a responsibility to ensure the applications we build are secure and protect our users‘ data. Two of the most common and dangerous web application vulnerabilities are SQL injection and cross-site scripting (XSS) attacks. At their core, these flaws arise from implicitly trusting user input. In this comprehensive guide, we‘ll take…

Securing Cloud Infrastructure with Falco, Prometheus, Grafana & Docker

Cloud adoption is accelerating rapidly. Gartner forecasts worldwide public cloud revenue to grow 17% in 2023 to $591.8 billion, up from $490.3 billion in 2022. And a recent report from Palo Alto Networks found 70% of organizations now host more than half of their workloads in the cloud. But as more sensitive data and services…

How to Protect Yourself Against SIM Swapping Attacks

The smartphone has become the central hub of our digital lives. We use them not just for communication, but to secure our online accounts, make financial transactions, and store our most private data. However, this reliance on mobile devices has given rise to a dangerous new threat: the SIM swapping attack. The Anatomy of a…

How to Pass the CISSP Exam: A Developer‘s Guide

The Certified Information Systems Security Professional (CISSP) certification is one of the most respected and in-demand cybersecurity certifications you can earn. It validates your expertise across eight comprehensive domains of security and is required for many government/DOD security positions. For developers and programmers looking to advance their careers and take on more security-focused roles, earning…

OWASP Top 10 Vulnerabilities – A Guide for Pen-Testers & Bug Bounty Hunters

As a full-stack developer and long-time security professional, I‘ve seen firsthand the devastating impact that web application vulnerabilities can have on organizations. And as a pen-tester and bug bounty hunter, I know that staying on top of the latest threats is crucial to success. That‘s where the OWASP Top 10 comes in. This standard awareness…

Learn to Speak the Security Lingo – Interview Prep for Cybersecurity Job Interviews

If you‘re preparing for a cybersecurity job interview, one of the most important things you can do is make sure you‘re well-versed in the language of the field. Cybersecurity, like many technical disciplines, has its own unique terminology and jargon that you‘ll need to understand and be able to speak fluently. In this guide, we‘ll…

Keep Calm and Hack The Box – Valentine

Hack The Box (HTB) provides an excellent platform for aspiring penetration testers and cybersecurity enthusiasts to legally test and advance their skills. With a wide range of constantly updated challenges, from real-world scenarios to CTF-style puzzles, HTB offers something for everyone looking to level up their hacking game. In this walkthrough, we‘ll tackle the retired…

How to Recognize a Phishing Email – And What to Do When You Get One

As a seasoned developer who has investigated my fair share of phishing attempts over the years, I know all too well how sneaky and sophisticated these scams have become. Phishing emails are one of the most prevalent cybersecurity threats individuals and organizations face today. According to the FBI‘s Internet Crime Complaint Center, phishing was the…

What is XSS? How to Protect Your Website from DOM Cross-Site Scripting Attacks

Cross-Site Scripting (XSS) attacks have been a major threat to web application security for over two decades. XSS flaws allow attackers to inject malicious scripts into web pages viewed by other users, enabling them to steal sensitive data, hijack user sessions, and even take control of the victim‘s browser. According to the OWASP Top 10…

Breaking into Infosec: A Comprehensive Guide to Landing Your First Cybersecurity Job

The global cybersecurity workforce shortage has never been more acute. A 2022 survey by (ISC)2 pegged the deficit at 3.4 million unfilled positions, with 70% of organizations reporting that staffing shortages directly impact their ability to secure systems and data. This dire situation, however, presents a huge opportunity for aspiring information security professionals. The US…