What do the breaches of Carnival, J. Crew and T-Mobile have in common? All three hacks were related to third party breaches and the hackers went after data.
The incident—revealed in a published report on ZDNet revealed that the details of more than 10.6 million guests who stayed at MGM Resorts were published on a hacking forum due to unauthorized access to a cloud server.
As the World turns to code, the threat landscape increases and cyber security management becomes more complex. Code is created and distributed amongst different teams within the organization and key elements that indicate the health of code is not easily identified. Developers, CISOs, security committees, executives and boards of directors are struggling to come up with meaningful information to better control the organizations cyber security posture. Currently, there are too many platforms and tools that just add to the noise and prevent the achievement of business goals.
Let's start with the basics...What is PCI and why is it important?
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle credit cards. The standard was created to increase controls around cardholder data to reduce fraud. Validation of compliance is performed annually or quarterly.
It is a PCI DSS requirement to have a secure development lifecycle. Requirements states:
Every aspect of our lives involves computers and the code that runs them so what does Democratizing application code scanning mean, why is it important, and what does it have to do with beer? Before we jump into the beer conversation, let’s discuss application security and the need to simplify the entire process for application code scanning.
OWASP, an international non-profit organization dedicated to web application security, stands for Open Web Application Security Project. OWASP is an open community dedicated to enabling the organization to develop, purchase and maintain application and APIs that can be trusted. One of its core principals is that all of their materials be freely available and easily accessible on their website. It is important to note that OWASP is not affiliated with any technology and or Company. They offer materials such as documentation, tools, videos and forums.