Why Common Vulnerability Scanning Practice is Useless?
I hope you will find this obvious, but unfortunately the security community relies heavily on vulnerability scanning in a way that makes it totally useless or even harmful! Vulnerability assessment is the evaluation of a system against known and potential security flaws. A system is simply a collection of processes, workflows, people, nodes, software… but traditional…
Penetration Testing vs. Secure Code Review
What is the best way to make sure a software product is secure? The easiest way is to roll it out to the market, see what happens, and hope everything goes well… no kidding, that is what most software developers do! Let’s forget about what the majority of the software community does and see what…
are we still coding, or just copy‑pasting?
this generation of developers has access to more tools than at any other time in history. stackoverflow, github issues, reddit, dev.to, kite, tabnine, intellicode… the list keeps growing. and with every new “assistant,” we get further away from the one thing that actually matters in software development: originality. but let’s be honest — the problem is…
Learn security from internet but not just Google
“if you learn cooking from fast‑food ads, don’t expect to become a chef.”
the internet is bigger than your search bar
people think “internet” means whatever shows up on the first page of a search engine. that is the first mistake. search engines are built for popularity, not accuracy. they show what is loud, not…
Privacy—Again, But in Different Words
Privacy: your online identity isn’t masked by using a VPN. A VPN simply redirects your traffic to a private sector—where targeting you becomes easier and more meaningful. Whatever we call a “privacy model” is baked into the nature of the system itself. It can’t be changed or avoided unless you opt out entirely. If you…
Abusing Internet Users: The Silent Cost Behind “Free” Online Services
There is a reason many of us hesitate to work on platforms like Facebook, Twitter, or any of these so‑called “free” online services. It is not because the technology is bad. It is because the model is bad. These services do not just host our content — they quietly learn from our experiences, our decisions,…
Does Internet Act As A Valid Source Of Information?
The Internet was built with the initial goal of providing the most validated data to the corresponding party. Today we are far away from that mindset, but still, how much can we rely on the data provided via the Net? The answer simply depends on the source of the data. People usually believe what they…
No Silver Bullet in Computer Security
There is no silver bullet in any aspect of information security. All the answers like EDR, MFA, SIEM… might leave you in a better or worse security posture; it all depends on how you implement and manage them, but none of them is a silver bullet in its area (malware protection, authentication, monitoring…). It is all about…
Troubleshooting with Google is useless because you won’t learn
problem solving is not searching
searching might give you an answer. but it won’t give you understanding. “water usually finds the way out of a leaky pipe, but it won’t fix the plumbing.” systems are complex. success is luck without insight.
troubleshooting is its own skill
you learn to troubleshoot by knowing what parts interact…
Accurate Vendor Risk Assessment
How do you have an accurate vendor risk assessment? Assessing your vendors, suppliers, business associates… or whatever other term you use for whoever provides services to your firm, is crucial and may even be required from a regulatory standpoint (e.g. under HIPAA). I do not want to get into the detail of what would be…