-
Eye on
CYBER SECURITY
Cyber4Z in short
Cyber4Z started in 2015 with two specialists experienced in the cybersecurity domain. We now have a team with various capabilities in the field of strategic and tactical design of cyber security, IT, Privacy and Blockchain technology.
In addition, we are involved in technical and tactical implementations of complex security challenges that focus on the acceptance of new technologies in a pragmatic way. With our expertise and experience, we can guarantee the business objectives of our clients. These are widely determined by laws and regulations, customer requirements and rules of compliance.
Who are we?
Our team consists of certified professionals. Quality is our top priority. The technical and tactical implementations we deliver from the strategic design can be externally certified against the ISO9001, ISO27001, NEN7510 or other standards. Therewith we can have our quality tested externally as well. In addition, we provide operational knowledge when it comes to technical security assessments such as penetration tests, project management, SOC / SIEM propositions with connecting services such as log management, vulnerability and compliance management, patch management, training in the field of privacy, security and blockchain technology.
More about Cyber4ZOur clients
Monthly Cybernote: February 2025
OWASP introduces new top 10
With the introduction of the OWASP Non-Human Identity (NHI) Top 10, the Open Web Application Security Project (OWASP) is drawing attention to a growing, but often underestimated, security problem: protecting non-human identities. These are digital identities that are not used by people, but by machines, such as API keys, service accounts, OAuth applications, IAM roles, and other machine identities.
The Open Web Application Security Project (OWASP) is a global, non-profit organization dedicated to improving software security. OWASP provides freely accessible tools, documentation, and guidance to help organizations and developers identify, understand, and address security risks in web applications and software projects.
Known for projects such as the OWASP Top 10, a list of the most critical security vulnerabilities in web applications, OWASP plays a key role in raising awareness and standardizing security practices within the software industry. The project collaborates with a global community of experts who contribute to research, training, and the development of new initiatives in the field of application security.
Non-human identities play a very important role in modern application architectures. They provide connections between systems, services, and data, and are used extensively in development environments (such as CI/CD pipelines) and cloud infrastructures. Despite their importance, these identities are often poorly managed or insecurely configured. This can lead to serious security risks, such as:
- Compromised secrets (e.g. leaked API keys).
- Overly privileged roles that have more rights than necessary.
- Misuse by attackers, such as poorly secured service accounts.
The existing OWASP Top 10 focuses primarily on vulnerabilities in web applications and does not provide sufficient protection against these specific risks. Therefore, a separate NHI Top 10 has been developed, focusing on misconfigurations and poorly secured machine identities. Both lists complement each other: the classic OWASP Top 10 focuses on common vulnerabilities, while the NHI Top 10 focuses on the secure management of non-human identities.
ing ministries and knowledge institutions, are supported with threat information and security advice to limit threats in a timely manner.Source: OWASP