The world of information security is ever-evolving as further innovation and development continue to drive the market forward. Web applications are no exception, but as they grow more complex with the addition of new features and supporting technology, so do their attack surfaces. Sometimes, it can feel like the latest risk to your web application is seemingly around the corner, and really, that might be true—it’s become more important than ever to maintain a good security posture.

Famed poet Ralph Waldo Emerson said, “every sunset brings the promise of a new dawn.”

As the world becomes increasingly digital, governments around the world are taking measures to ensure the safety and security of their citizens' data.

Auditors. We’re an odd breed. “A necessary pain in the tuchus,” some may say. Admittedly, we’re not everyone’s cup of tea. In fact, in our 20+ years of experience, we’ve seen the word “auditor” invite various visceral responses. To be sure, organizations aren’t always enthusiastic about inviting us assessors in to do the requisite checks, despite the benefits of doing so (and despite being invited guests).

“New year, new me!”

When developing software securely, many organizations have traditionally relied primarily on administrative security controls—i.e., policy and procedure documents that dictate change control processes and the different steps that need to be completed to remain compliant.

In 2004, the campaign Go Red For Women was born to raise awareness among women about their greatest health threat—heart disease. Slowly, the campaign grew into a movement bringing together thousands of women.

So you’ve committed to an audit. Your customers were asking, or maybe a new regulation came into effect that your organization is now subject to—whatever the reason was, you’ve got to get audited because your audit team is confirmed.