Author Archives: Swascan

Data controller: explanation of the figure and duties

Data Controller According to what the new Data Protection European Regulation (GDPR) states, the data controller – described in article 4 – is: “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the Read more »

CyberSecurity trends: what is going to happen in 2018?

Top 5 CyberSecurity trends for 2018 CyberSecurity trends: 2018 will surely be an interesting year as far as cybersecurity is concerned. We have already witnessed some big incidents, including data breaches and tumultuous developments regarding cryptocurrencies that led the governments of many countries to issue official directives and take action in these directions. CyberSecurity trends: IoT & CyberSecurity threats We should Read more »

OWASP Top 10: which are the main threats?

OWASP Top 10 The Open Web Application Security Project or OWASP, as we said in a previous article, is a not-for-profit organisation that aims at providing ‘best-in-class’ application security solutions. Their advice and tools are free, vendor neutral, unbiased yet practical. The organisation also lists the OWASP Top 10 web application security risks to help developers and system Read more »

Portability of the data: one of the rights introduced by the GDPR

Portability of the data: one of the rights The new General Data Protection Regulation (GDPR), besides data portability, confirms several rights of the data subject. Data subjects have the: Right to be informed; Right of access; Right to rectification; Right to restriction of processing; Right to erasure (right to be forgotten); Right to object; Rights related to automated individual decision-making, including profiling; Last but not least, Read more »

Source code: definition and introduction

Source code: what is it? Source code can be called source as well as code, and it is the original version of a piece of software. Basically, the way software has been written and typed into the laptop in the first place. That is why it is in plain text. What do we mean when we refer to software? Read more »

OWASP: Open Web Application Security Project

OWASP The Open Web Application Security Project or OWASP is a foundation that came into being on December 1, 2001. Basically, this foundation has a specific goal: improving software security. This not-for-profit organisation aims to provide unbiased, practical solutions to governments, organisations, educational institutes, trade organisations, groups, development organisations etc. OWASP offers tools and documents that have been Read more »

Cross site scripting: what do you need to know about it?

Cross site scripting Cross Site Scripting or XSS is a particular form of injection attack. Basically, attackers inject malicious scripts into a website. The attackers typically use web applications to transmit malicious code, usually browser-side scripts, to a different end user. In return, the web applications in a system generate output in response to the malicious input Read more »

Privacy policy: what is its content according to the GDPR?

Privacy policy in the GDPR The GDPR defines the content of the privacy policy that needs to be provided to the data subject in articles 13 and 14. These articles cover the following scenarios: “Information to be provided where personal data are collected from the data subject”; “Information to be provided where personal data have not been obtained Read more »

Personal data: GDPR and data explanation

Personal data: what does GDPR say? In the first paragraph of art. 9 of the GDPR (General Data Protection Regulation) there is a definition of personal data. Attached to this definition, you can find the prohibition of processing such data: “Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade Read more »

Path traversal: what do you need to know about it?

Path traversal What is Path Traversal or Directory Traversal? Basically, it is an attack method where a hacker attacks or accesses files/directories, which are mainly kept outside a web document’s root directory. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and their variations or by using absolute file paths, there is the chance to Read more »