Combating Internet of Things Cyber Threats: Top Security best practices for IoT applications
The Internet of Things (IoT) is changing the way that businesses operate, especially in warehousing, transportation, and logistics. That dependence makes the security of IoT devices even more crucial, given the time and money required to recover if an attacker breaks through the defences.
Written for IBM developerWorks
Developing GDPR Compliant Applications
The General Data Protection Regulation (GDPR) was adopted by the European Parliament and Council to strengthen and unify Europe's data protection law, replacing the 1995 European Data Protection Directive. Although the GDPR is a European Union (EU) regulation, it also applies to organizations outside Europe that handle the personal data of individuals in the EU, which includes developing applications intended to process that personal data. Organizations that provide web applications, mobile apps, or traditional desktop applications that directly or indirectly process EU citizens' personal data, or that allow EU citizens to sign in, are therefore subject to the GDPR's privacy obligations, and they face the prospect of substantial sanctions should those applications fail to comply.
This three-part article summarizes the GDPR and explains how the regulation applies to the development and support of applications intended for use by EU citizens. Part 1 introduces the regulation from a developer's perspective, Part 2 explores how to integrate privacy risk evaluation and mitigation into the software development lifecycle, and Part 3 provides practical application development techniques that reduce an application's privacy risk.
Written for IBM developerWorks; the guidance is published in three parts:
Part 1 - A Developer’s Guide to the GDPR
Part 2 - Application Privacy by Design
Part 3 - Minimizing Application Privacy Risk
Scan your App to find and fix OWASP Top 10 Vulnerabilities
Today's web applications are more than a match for most desktop PC applications and continue to push boundaries by taking advantage of seemingly limitless cloud services. But more powerful web applications mean more complicated code, and the more complicated the code, the greater the risk of coding flaws that become serious security vulnerabilities. Those vulnerabilities face exploitation by relentless malicious actors, whether bent on profiting from data theft or on gaining online notoriety by causing mischief. This article looks at securing web applications by adopting industry best practices for application development, such as the OWASP Top 10, and by using web application vulnerability scanning tools such as IBM Rational AppScan.
Written for IBM developerWorks
A Developer's Guide to Complying with PCI DSS Requirement 6
The Payment Card Industry Data Security Standard (PCI DSS) is a highly prescriptive technical standard aimed at protecting debit and credit card details, referred to within the payments industry as cardholder data. The objective of the standard is to prevent payment card fraud by securing cardholder data within organizations that accept card payments or are otherwise involved in handling cardholder data. PCI DSS consists of 12 sections of requirements, and responsibility for compliance usually rests with IT infrastructure support. Requirement 6, however, breaks down into 28 individual requirements and sits squarely with the software developers building applications that process, store, or transmit cardholder data. Because PCI compliance revolves heavily around IT services, the IT-focused compliance managers tasked with achieving it often lack the software development knowledge and experience needed to assure that application development meets the demanding requirements of PCI DSS. Follow along for a developer's perspective on complying with PCI DSS Requirement 6.
Written for IBM developerWorks
Simple GDPR Information Security Guidance
There are plenty of cyber security sales and marketing teams jumping on the General Data Protection Regulation (GDPR) bandwagon, often peddling fear of massive penalty fines and, in far too many cases, spouting nonsense and unnecessary guesswork about the GDPR's information security requirements. This article provides a simple and factual view of complying with the GDPR's information security requirements.
Written for blog.itsecurityexpert.co.uk