What does a penetration test vs a vulnerability scanner bring?

Both are said to be the best allies of CISOs (and, more generally, of people in charge of IT security). They are, though, two different tools in a security strategy. What are the characteristics of each?

Let’s start with the vulnerability scanner.

It is software programmed to run tests on your platform, on your information system – … to detect vulnerabilities. A scanner identifies vulnerabilities thanks to its database of known vulnerabilities and common security issues. Scanners go through networks, services, applications, etc.

First characteristic: the tests are automated. This means they are fast, and a whole system can easily be tested in a few hours or days, depending on its size.


Web Security 2018: Year in Review

2018 has just ended and we decided to look back at it. From the many news stories that made the headlines this year, we’ve summed up 8 main elements about 2018. Here’s our year in review for web security.

1/ So many data breaches

Figures for 2018 are not known yet, but 944 data breaches were already listed in the first half alone (source). Despite awareness-raising on cybersecurity, data breaches are still numerous.

In some cases, the data compromised went further than the “classic” loss of an email address, password or credit card number: for example, the Marriott breach included passport numbers, the Aadhaar breach biometric data… This has a major impact on the people whose data was compromised, and on the image of the companies concerned.


Internship or traineeship/apprenticeship Dev PHP Symfony4

Vaadata is a startup specialised in cybersecurity (penetration testing) and we are looking for an intern (or a trainee/apprentice) to work on developing internal tools in PHP Symfony4.

Who are we?

  • A dynamic startup with an expertise in ethical hacking
  • A small and fun team, very unlike the corporate world of big consulting companies
  • A company that allows time for technology watch and creativity


Did you check your website’s security before peak season?

Christmas is right around the corner and the winter sales are arriving too. Online shopping is planned. Your banners, packaging and special offers are ready, but did you think of your website’s security?
We won’t remind you to update and install patches or to watch for suspicious operations (which you are already doing); instead, we concentrate on three elements to protect your clients’ data and to reassure them about your security level.

1/ HTTPS certificate

Using HTTPS is indispensable for an e-commerce website. Users expect to see the well-known padlock on pages where they give their information. Many people rely only on a URL starting with HTTPS and the padlock to judge the reliability of a website.

However, malicious hackers know this too. They now create websites with an HTTPS certificate to deceive users. A study from PhishLabs estimates that in the 3rd quarter of 2018, 49% of phishing websites were using an HTTPS certificate.
(We detail here how to identify suspicious emails to avoid phishing attacks, which can be tricky even for experienced users.)
