Leading information security consultant

Post by tanjimajuha20 »

Another important problem of web application security is the gap between IT development and information security, noted the press service of Angara Security. "In most cases, the acceptance of web application security occurs at the end of the development cycle, when there is practically no time left for code verification by information security specialists. Therefore, it is necessary to include security in the DevOps automation process in order to reduce the number of vulnerabilities in finished products to a minimum. This will significantly optimize the processing of vulnerabilities collected by the scanner, which can sometimes take up to several days, and also improve the interaction between various departments working on the creation of web resources and mobile applications," noted the press service of Angara Security.

Protect and rule
A leading information security consultant at Innostage, Tatyana Nikonorova, told ComNews that leaks can occur due to deficiencies in technical or organizational protection. "The first reason is eliminated by implementing properly configured security tools, the second - by increasing awareness and motivation of employees. When discussing the likelihood of a data leak, we still have to say not "if a leak occurs", but "when it occurs". And when it occurs, it is too late to fight: the data has been published. In such a case, it is necessary to minimize the risk of negative consequences for the subjects - at least to acknowledge the fact of the leak and inform about it," Tatyana Nikonorova emphasized.

She noted that against the backdrop of digitalization of personal data (the emergence of digital passports, government services, etc.), we should expect the emergence of new methods of fraud and, accordingly, the development of methods to counter them, but new technical methods of combating them are unlikely to begin to be used before the end of the year. "Organizational methods of combating phishing, social engineering will develop and the quality of implementation and configuration of security tools will improve. In particular, the awareness of narrow focus groups will improve - white, blue collars, children and the elderly," said the leading information security consultant at Innostage.

Alexey Khmelnitsky, CEO of RooX, a company that specializes in authentication, authorization, and development of web platforms for the corporate sector, reminded that data leaks are a complex problem, the solution to which must also be complex.

"There are several key components for reducing the risk of leaks. First, the development of access control systems should be based on the "zero trust" principle, which means special control of employee access to the company's information systems. Even if the user works within the corporate network and uses a corporate computer, he must go through the identification and authentication procedure, and confirm his rights each time he accesses any corporate resource," says Alexey Khmelnitsky.

According to him, the mandatory use of multi-factor authentication (MFA) is necessary. "Despite all the shortcomings of SMS codes, they significantly increase security, which is confirmed by Google and Microsoft research in the field of MFA. For more serious cases, it is necessary to use "hardware" tokens with an EDS key or cryptographic methods of authorization and authentication. Ideally, authentication should be adaptive with an analysis of the authentication context, including using Machine Learning," said the CEO of RooX.

He added that other components of comprehensive protection against data leaks include anti-virus scanning of files, the use of specialized software for protection against data leaks (DLP), the implementation of a system for managing mobile devices owned by employees (MDM), and the use of firewalls to protect web applications.