Cloud Security · Security

Just How Big A Problem Is Shadow IT

"It's not a problem until it's a problem…" Mickey Fox. This should be enough to give you a bit of heartburn. The average large enterprise has 1200 various cloud services (including PaaS and SaaS offerings) that are in use, and 98% of them are unsanctioned and unvetted SaaS apps, according to the Enterprise Strategy Group.…

Security

OWASP Top 10 – Still The Same After a Decade

The year is closing and it's now time to reflect back on the hot mess that was 2020. The only thing missing so far is having Umbrella Corp handing out the COVID vaccine and kicking off the zombie apocalypse. We have survived fires, earthquakes, volcanoes, floods, murder hornets, giant globe-spanning dust storms and…

Cloud Security · DevSecOps · Security

Misconfigured AWS S3 Buckets on the Rise

If you have been following for any length of time, you know that I have been blogging about Shadow IT and the security risks it poses in terms of both data leakage and outright breaches. Leaving your IT infrastructure in the hands of the uninitiated who just happen to have a procurement card is arguably…

DevSecOps · Security

Why SQL Injection is Inexcusable

I found this awesome infographic from Akamai and I wanted to talk about it a bit because while the infographic itself is awesome, what it represents is the terrible truth behind the point I keep making about DevSecOps. More than 148 million SQL injection attacks… Why? Well, in short, because they work but they only…