Blog

General Data Protection Regulation (GDPR)

What is GDPR? GDPR stands for the General Data Protection Regulation. It is a regulation in EU law on data protection and security in the European Union and the European Economic Area. It additionally addres...

Brief Introduction to DevSecOps

Overview of DevSecOps: The DevSecOps approach coordinates Development and Operations with Security Operations, embedding security practices into the product development and operations lifecycle. The objective of the ...

Top US Travel Site Secured From IDOR Vulnerability Before Exploitation

Databases often hold the backbone of an organization: its transactions, customers, and employee info. It should be no surprise that company databases are a high-value target for cybercriminals. Recently apptr...

Cross-Site Scripting Vulnerability Leads To Critical Takeover For Banking Platform

To catch a hacker, you must think like a hacker. An attacker looks for ways to chain together multiple exploits into one large attack. What is often missed in this type of scenario is what happens when vulnerab...

OK To Defer Low Severity Vulnerabilities?

Not if a black hat hacker can chain multiple low-severity vulnerabilities together to create a critical/high-severity vulnerability! We’ve seen several instances of this tactic with our customers recently. Simp...

Does Static/Dynamic Testing Identify All App Vulnerabilities?

In a word, no. Certain vulnerabilities can only be identified with manual app testing, such as Authentication Bypass, Password Management & Privilege Escalation, logout functionality and token han...

Run More Frequent Pen Tests Economically

Running full penetration tests is expensive because it’s labour-intensive. Unlike malware or vulnerability testing, which can be mostly automated, penetration tests are mostly manual and are performed by very sk...

Is automated vulnerability testing enough?

It wasn’t enough for Equifax. In today’s cybersecurity environment, you’ve got to think like a black hat hacker and protect your infrastructure from the techniques used, not just the vulnerabilities themselves....

A glossary look at the effect of Ransomware

After the things we heard about WannaCry ransomware earlier this year, a lot of people have started asking quite a few questions about this Trojan that is going around infecting people’s PCs and even mobile device...