The unsung hero of our connected world is the Application Programming Interface (API). They are the connective tissue that enable developers to explore new services, integrating them into new, great solutions faster. The power, flexibility and widespread use of APIs makes it essential that the way users interact with them is secured.

more →

The ability to manage cyber risk is key and with regulations on the response to ransomware likely to affect a third of the world within the next 3 years tech analyst Gartner say business leaders should build the following predictions into their security strategies for the next two years. Read how activereach can assist you with you security strategy.

more →

Data extortion is not a new tactic for threat actors. Big Game Hunting (BGH) is where actors steal and leak data to force ransom payments.  However, if this threat does not work and the victim does not pay this can result in an additional threat of releasing the data to someone else, usually a competitor – double ransomware extortion.

more →

XSS – Cross-site scripting

XSS is a common form of injection attack on public facing web servers. Any web server can be vulnerable to attack, and websites now are feature-rich with multiple embedded databases, comments sections, and media… all of which increase the vector types that can be attempted by cyber criminals for various reasons.

more →

In the previous article in this series, we looked at the business case for DDoS (Distributed Denial of Service) testing. If you read this last post, you will probably agree that there are a number of features of DDoS attacks and DDoS mitigation systems that make DDoS attack testing particularly important.

more →

Why conduct a DDoS Test?

Historically, security specialists have never placed DDoS testing high on the IT agenda, relying mainly on vulnerability assessment and penetration testing as a means of security validation. However, things are changing. DDoS attacks are no longer simply a risk to the availability of an IT system or service.

more →

The IT Industry is full of terms and acronyms (see our DDoS Dictionary) and one that I have seen a lot of recently is DDoS Pen Testing, usually where Pen Testers are looking to include DDoS Testing as well.  I wrote an article a while back on Penetration Testing and DDoS Testing and how these work together. 

more →

Distributed Denial of Service or DDoS is an attack where there is an attempt to render an online service unavailable by overwhelming it with traffic from multiple distributed sources.

The National Cyber Security Centre (NCSC) is a pivotal organization in cyber security advice and supports the most critical organizations in the UK, the wider public sector, industry, SMEs and the general public.

more →