NCSC Cyber Security Board Toolkit: Director's Guide
Discover how the NCSC’s Cyber Security Board Toolkit helps boards lead confidently, align cybersecurity with strategy, and protect against evolving threats.
Posts
Security Awareness Training: Does It Actually Work?
Phishing training might be failing you. Research shows annual awareness training offers no real protection, and embedded simulations improve outcomes by only 1.7%. Discover why traditional methods …
SAMMY: Free OWASP SAMM Assessment Tool by Codific
Assess and improve your software security maturity with SAMMY. Free OWASP SAMM implementation tool for DevSecOps teams. Start your assessment now.
How to Show Return on Cyber Security Investment
Demonstrating the return on cyber security investment is a task every CISO must handle. Let us share how to show the return on security investment in real life.
CVE-2022-0271: Leaflet Maps Marker SQL Injection Exploit
BSG discovered CVE-2022-0271, a critical SQL injection in Leaflet Maps Marker WordPress plugin. Full vulnerability disclosure, PoC, and remediation steps.
CVE-2022-25854: Tagify npm Stored XSS Vulnerability
BSG researchers discovered a stored XSS vulnerability in @yaireo/tagify npm package. Full disclosure, PoC, and patch details inside.
BSG Wins SANS NetWars: Ukraine’s First CTF Champions
BSG team won Ukraine’s first SANS Grid NetWars cybersecurity tournament. See how our pentesters competed and claimed victory in this elite CTF challenge.
Software Supply Chain Security: Beyond XZ Utils
Software supply chain security after XZ Utils — how the attacks work and the modern defenses (SLSA, SBOM, signing) that actually move the needle.
Software Product Security: Where To Start?
When should you start securing your software product, and what should you start with? A practitioner's roadmap built on OWASP SAMM, ASVS, and WSTG.
How to Choose a Penetration Testing Company?
Do you know how to choose the right penetration testing company? In this article, we talk about the factors to look out for.