security

Hello from the Jumping Rivers team! Today, we’re taking a moment to chat about our recent achievement – becoming ISO certified. What is ISO 27001 and Why Does It Matter? ISO 27001 is an internationally recognised standard for information security management systems (ISMS). It provides a systematic approach to managing sensitive company information, ensuring its confidentiality, integrity, and availability. The standard outlines a framework that helps organisations identify and manage information security risks, implement appropriate controls, and continuously improve their security posture.

This is the second in the series of blog posts about using server headers Content Security Policies Network Error Logging - this one! Heads up! We’re about to launch WASP, a Web Application Security Platform. The aim of WASP is to help you manage (well, you guessed it) the security of you application using Content Security Policy and Network Error Logging. We’ll be chatting about it more in a full blog post nearer the time.

This is the first in a series of blog posts about server headers Content Security Policies - this one Network Error Logging Heads up! We’re about to launch WASP, a Web Application Security Platform. The aim of WASP is to help you manage (well, you guessed it) the security of your Posit Connect application using Content Security Policy and Network Error Logging. More details soon, but if this interests you, please get in touch.

One of our main roles at Jumping Rivers is to set-up and provide ongoing maintenance to R, Python and RStudio infrastructure. This typically involves ensuring software is up-to-date and making sure everything is running smoothly. The OSS Index developed by Sonatype is a free catalogue of open source components and scanning tools to help developers identify vulnerabilities, understand risk, and keep their software safe. The {oysteR} package is an R interface to the OSS Index that allows users to scan their installed R packages.

One of the great things about R, is the myriad of packages. Packages are typically installed via CRAN Bioconductor GitHub But how often do we think about what we are installing? Do we pay attention or just install when something looks neat? Do we think about security or just take it that everything is secure? In this post, we conducted a little nefarious experiment to see if people pay attention to what they install.

Introduction Domain squatting or URL hijacking is a straightforward attack that requires little skill. An attacker registers a domain that is similar to the target domain and hopes that a user accidentally visits the site. For example, if the domain is example.com, then a typo-squatter would register similar domains such as common misspelling: examples.com misspellings based on omitted letters: exampl.com misspellings based on typos: ezample.com a different top-level domain: example.