Innhold om Sikkerhet

Today we are going to explore five big hacks that took place in 2020. First we'll cover two hacks that targeted Norwegian companies Sykehuspartner and NHH. Then we'll take a look at a hack that targeted the Danish company ISS. To wrap things up we'll cover what is probably the two most high profile hacks of 2020: the Twitter phish and the CWT ransom.

As developers, we usually use some sort of pipeline to build and deploy our code. Tools like Circle CI, Gitlab CI/CD and Github Actions are popular. Can your pipelines be a security vulnerability? Can you use your pipeline to create a more secure application?

Integrating security as a part of application development is desirable, but it's often forgotten or dismissed in practice. Dependabot is a Github feature that will help you keep all your dependencies invulnerable and up-to-date, and you can enable it in just a few clicks!

We are really excited to present this year's calendar, and hope that you will enjoy reading it as much as we enjoyed writing it. Security as a topic is hotter than ever. While we count down the days until Christmas Eve you will be given new, original security content each day. Enjoy the countdown together with us!

As you open the final post of this year's security.christmas, we logout of our social media accounts, shut down Slack (or mute it for a while at least) and put away our thin foil hats.

If you haven't lived under a rock the last couple of years, the term Ransomware isn't something new. It grinds the largest corporations to a complete halt and can take months to recover from. But how does it really work? And how should you protect yourself?

On one of the darkest Sundays of the year, we again take a step back, and give you another list of interesting people we follow. Today we pay respect to a few people that deserve to be listened to. Of course there are others, but these stand out.

In business travel, a road warrior is a person that uses mobile devices such as tablet, laptop, smartphone and internet connectivity while traveling to conduct business. The term spawns from the movie Mad Max 2, starring Mel Gibson.

We all know it; application security is a shared responsibility and everyone in the team should act according to the secure lifecycle development process. But our experience is that security is one of the first non-functional requirements that are dropped when deadlines approaches or when management is setting up a budget for the next period.

The Open Web Application Security Project, or OWASP, is mostly know for it's Top Ten Project which covers the most critical web application security risks. They als maintain one of most popular free security tool, the OWASP Zed Attack Proxy. But there is more, so much more. In this post we cover some of our favorite tools by the OWASP project and how we use them.

Does the US government sponsor the development of the darknet? What is The Onion Router project and why should you be anonymous on the internet?

“The s in IoT stands for security” is a joke as old as the shared code base used in your IoT web-camera. Usually we mock IoT for having little or bad security, but the real issue is perhaps that IoT can't have good security.

We've covered FIDO2 in this year's eleventh calendar post, and with FIDO2 available the internet has all the tools need to lighten the load of the password. One of its results is the Web Authentication(WebAuthn) API, simplifying FIDO2 authentication for web browsers. Here are the basics to get started with a wide range of authenticators on your website.

When hearing about security breaches and typically cybercrime, one is sometimes left wondering, where are these servers hosted and why can't they be stopped?