Summary This article aims to explain to the reader the importance of Business Continuity Management (BCM) in ensuring resilience. The article starts by explaining what BCM is and the various concepts it encompasses. With…
Summary This article aims to explain to the reader the importance of security testing in the early stages of development and the various strategies available. The article starts by explaining what application security is, the traditional way of testing…
Summary The increasing integration of Artificial Intelligence (AI) into programming is fundamentally transforming the way software is conceived and developed. With advances in generative AI, exemplified by foundation models such as OpenAI Codex, GitHub Copilot, and Google DeepMind's AlphaCode, programmers are…
Summary The summary underscores the principles and key components of the Zero Trust approach in cybersecurity. Beginning with the axiom "Never trust, always verify," it explores benefits such as a proactive stance and enhanced visibility and control. It details the…
Context During an authorised penetration testing assessment of Xpand IT Write-Back software, Balwurk's security team found a vulnerability that allows an attacker to craft their own Write-Back commercial licenses, unlocking the software's full features without paying for it. What is…
Introduction It is a truism in software engineering that developing software is hard. Developing secure systems is even harder, as the growing number of vulnerabilities in software systems shows. As the complexity of modern software increases, so…
Governance, Risk and Compliance (GRC) is a set of business management practices and policies that ensures regulatory compliance, risk management and effective governance in organisations. In the Software Development Life Cycle (SDLC), GRC is of utmost importance as it helps…