Get subscribed to our newsletter
Get interesting updates to your email inbox.
By- Lisa Frank
When COVID-19 hit, teachers and students got a crash course in video conferencing apps and remote learning. While many schools are now transitioning away from the remote format, technology and education have nonetheless become inseparable. Interaction with others via the internet is now a fact of life both in school and outside of it.
While much of that interaction is healthy, some of it is not. School officials can help stop bullying when it happens in person, but they may not know when it occurs digitally. That leaves parents as the first line of defence against cyberbullying. This year, take some precautions to help protect your kid from this hurtful practise and show them how to interact safely online.
Follow NewsGram on LinkedIn to know what's happening around the world.
To protect your child from cyberbullying, your first instinct might be to bar them from the place it so commonly occurs — social media. Your daughter won't fall victim to the Snapchat equivalent of a hit and run if she's not on the platform, right? And your son won't receive nasty comments on his Youtube videos if you don't let him post any — case closed.
Not so fast, Mom and Dad. It would be unrealistic to totally ban your child from social media — it's just too prevalent. You might be surprised how often even schools will use it to keep in touch with their students. Instead of prohibiting access altogether, set up certain times and situations in which they are allowed to get on social media. That way, if cyberbullies show up, you can help your kid defuse the situation and salve any psychic wounds.
You could allow 30 minutes right after school to look at TikTok while in the living room with you, for example. Or they can catch up on their friends' Instagram stories on their tablets. This routine will be both something to look forward to and easy activity to help them transition from their school day.
Of course, there will be times your child won't have supervision, such as when they are hanging out with friends or away from home. For these excursions, a cell phone for kids is perfect for limiting social media access while allowing you to keep in touch. Using a limited device, they won't encounter harmful people online in a place they feel unsafe.
Popular social media platforms may be integral to modern communication, but there are many lesser-known ones with less stringent rules. These include forums like Reddit and 4chan, which at best can be time-wasters and at worst can invite cyberbullying.
If you're looking to minimize your child's attachment to the internet, then it is best to bar access to such sites. It is far more likely that they'll interact with bad actors in communities with such large, diverse reservoirs of content.
Even if your kid is allowed to go on certain websites, there are actions that they should always avoid without permission. These include messaging strangers, sharing personal information, and making purchases, to name just a few. Cyberbullying can move from the virtual world to the real one when a bully knows your home address. Impress upon your child how important it is to keep personal information private.
Respond to your children without judgment so that if they need help, they feel safe coming to you for aidUnsplash
No matter how much you regulate your kid's internet activity, you want to make sure that they understand why. It's important that they don't feel punished or belittled as you strive to protect them. The best way to do this is by being open with your child: The internet can be dangerous at times. They haven't done anything wrong, but you just want to make sure they aren't put in harm's way.
Provide them with a space to air their opinions respectfully even if they disagree with your decisions. If they beg for a Snapchat account and then run into their school's mean girls, resist the urge to say, "I told you so." Respond without judgment so that if they need help, they can feel safe coming to you for aid. A healthy foundation of trust relies on your respect for their needs and vice versa.
Having this support system can mean the difference between their feeling powerless or protected during a harmful interaction. They'll always be sure that you are in their corner should a cyberbully strike. And if one does, it will present an opportunity to discuss rules, their necessities, and their objectives.
While your primary goal is to protect your kid from cyberbullying, as a parent it's also your job to ensure they aren't bullying others. Cyberbullying takes many different forms, and because of this, it's important to teach your child internet etiquette.
Without someone's face in front of us, it is easier to say things to people that we wouldn't in person. Remind them that behind every profile, there is a real person. They may be tempted to join in on an internet pile-on — especially when the "cool kids" at school are doing it. Encourage them to step away (or better yet, come to the other student's defence) in such situations. If your child understands the effect harsh words can have on a person, they'll be more likely to do the right thing.
On the flip side, teach them it's OK to brush the occasional negative comment aside. It is also worth discussing the importance of context — the unemotive nature of text communication can sometimes breed misunderstanding. A simple comment giving someone a suggestion might be interpreted as hostile due to the absence of verbal inflection. While they shouldn't downplay genuinely hurtful language, they shouldn't be quick to take offence, either.
Most social media platforms have implemented anti-bullying features aimed at giving users a sense of control and self-protection. Instruct your child on how to use these tools to curate and preserve their online experience. This includes unfriending, unfollowing, blocking, reporting, hiding, and restricting undesirable accounts and posts when they encounter something that bothers them.
If your kid can't find a solution on their own, even with these tools at their disposal, that doesn't mean they're out of luck. After all, you've already given them the assurance that they can always ask for your help. By familiarizing them with solutions and managing their usage, you'll be better able to keep your child safe from online bullies this school year.
Disclaimer: (This article is sponsored and includes some commercial links)
The UN Refugee Agency (UNHCR) on Thursday announced that it has provided assistance to thousands of needy people across Afghanistan.
On Wednesday, the UNHCR in collaboration with a number of aid agencies provided essential household items to a total of 4,506 people in Kabul, Kandahar, Kunduz and Balkh provinces, the UNHCR Afghanistan said in a Twitter post.
"In Herat (province) we provided cash grants to 665 persons to meet basic needs, and in Kabul and Herat 973 persons received cash for rent," the agency said.
The UN agencies together with aid agencies and a number of non-governmental organisations are racing against time to deliver life-saving aid and supplies to crisis-hit Afghans ahead of winter, reports Xinhua news agency.
The economic situation worsens in Afghanistan with higher unemployment rate and rising poverty.
Afghans make up one of the largest refugee populations worldwide.
There are 2.6 million registered Afghan refugees in the world, of whom 2.2 million are registered in Iran and Pakistan alone, according to the UNHCR.
Another 3.5 million people are internally displaced, having fled their homes searching for refuge within the country.
In light of the rapidly deteriorating security situation in 2021, the number of people fleeing will likely continue to rise, the Agency added.
Keywords: Afghanistan, Taliban, UNHCR, Economy, Society, Safety.
By- Naman Rastogi
The first thing to understand about API security testing is that it is not a one-size-fits-all process. Testers must take into account the scope of the project, as well as the specific needs of developers and end-users. This article will provide you with some basic guidelines for an API security testing program. It will also outline some API security tests that you should consider including in your API testing process.
API security testing is a process that checks API functions for security vulnerabilities. These tests are intended to identify problems with the API's design, functionality, and implementation. API security testing is a proactive way to check the API for potential exploits.
Follow NewsGram on Facebook to stay updated.
Tests To Include in API Security Testing
The API's parameter tampering test is a way to check any API calls that contain parameters for known attack patterns. The API security testing tool you use should provide warning alerts when it finds these types of vulnerability points.
Parameter tampering occurs because developers aren't properly securing the input data before it enters an API call from another application or web service. This gives attackers the ability to tamper with API input data. You can checkout this detailed guide on How to Perform Web Application Testing
Testing for API parameter tampering can include looking at all variables within API calls and checking whether they need to exist or not. In your tests, you'll also want to check how values are passed into API calls and whether or not they can be changed once data is passed in.
Also Read: No Halfway Deal In Security
Input fuzzing is one of the most basic kinds of testing you can perform on an API. It occurs when attackers send API inputs that contain random or unexpected values. This test will show you whether the API can handle random data or not. It should do so without impeding its performance, but rather enhancing it.
The API security testing tool you use should allow for several different types of fuzzing:
●Data Format Fuzzing: An input format can be modified to see how the API responds when an invalid value is received.
●Range Fuzzing: Some APIs only accept certain numeric ranges from authorized users, such as credit card numbers and phone numbers. You should check whether your API functions properly under this type of condition.
The first thing to understand about API security testing is that it is not a one-size-fits-all process.Getastra
●Boundary Fuzzing: This type of fuzzing should be used to check for boundaries within the API itself. For example, checking if a string is between certain character lengths, determining whether it's possible to pass in an empty parameter value that will still produce valid results, etc.
Testing for API input fuzzing can also include randomizing parameters that are always required by the API function being tested (e.g., session IDs). If these values don't need to exist, hackers will be able to bypass any checks made by the developers who have implemented strict guidelines regarding API usage.
Another API security test you should consider is to check for unhandled API functions. Unhandled API methods are those that developers didn't code into the API. This happens either because they were unaware of their necessity or simply forgot about them.
Allowing access to these functions creates a vulnerability point in your API's functionality. Unfortunately, attackers can use these vulnerabilities as attack vectors. API security testing should search for unhandled API methods and alert you to their presence.
This API security testing method will help you determine how well the API performs under different input conditions without any malicious actors trying to tamper with it.
A final API security test you should consider is to check for possible injection attacks. This type of vulnerability occurs when user-defined input data can be inserted into API calls as part of the API's scripting language.
Injecting attacks have been a long-time security threat for APIs. This is because they allow attackers to use any type of data that can be manipulated and inserted into an API call. They should ideally only allow what is provided by regular users or applications trying to access the API.
The API security testing process goes beyond just finding the presence of common API attack vectors like cross-site scripting (XSS), SQL injection, remote code execution, and much more. It also looks for other API features that can put your system at risk if they aren't properly secured with input validation defenses or strict API security features.
Though API security testing may seem daunting, it's a necessary step in securing your systems and data. As the saying goes, an ounce of prevention is worth a pound of cure! If you don't have time to do this yourself, you can always seek help from security experts. The costs are justified by the benefits. So, make sure to conduct API security testing if you haven't already!
Disclaimer: (This article is sponsored and include some commercial links)
By Cathy Carter
Failure is an essential part of the human condition, and yet nobody likes to fail. But without fail, you would never learn something new, let alone succeed in it.
When you are in a crisis mood, it is the general human tendency to experiment, scramble, hack, screen, and make your way through the process. When you fail to achieve what you desire, your mind opens up to external inputs and flails for new ideas.
Irrespective of whether there are mistakes in coding or testing, you can learn from your mistakes and those made by others, and that is exactly what the epic failures in DevOps security entails.
Follow NewsGram on LinkedIn to know what’s happening around the world.
Here is a guideline that can help you understand why organizations fail at DevSecOps and how you can avoid these mistakes.
Reasons Why Organisations Fail at DevSecOps and How to Avoid the Mistakes
Reason 1 – Creating a Separate DevOps Department
If you are a DevOps adopter, creating a new department in the organization to manage the strategy and framework is the number one mistake you commit.
That is not how it works. It would help if you considered how this would affect all the other connected parts. When forming a new department, you also have to remove someone or something else, which often adds more time to the process.
How to Avoid: Though DevOps implementation call for leadership similar to the traditional departmental management, the DevOps strategy must be executed as a framework in which your operations and development staff can begin to work together and not as a new department whose duty is to oversee these separate groups and force them to interoperate. Your organization should focus only on the new procedures of DevOps and not on a new department.
- Reason 2 – Not Monitoring System Access of Developers
Organizations often overlook the amount of access that developers get in the early stages of rolling out DevOps. The developers get a lot of trusts, and they are empowered to do their job well. But this can initiate a lot of problems in the right implementation of DevOps and their arrival at the correct results.
How to Avoid: While granting a substantial amount of access to the developers does not harm anybody, ignoring what they are doing completely can hurt the correct implementation of DevOps. That is why you should constantly monitor and keep a close eye on your developers regarding this operation.
- Reason 3 – The Scanner Results Are Never Reviewed
Just purchasing an expensive DevOp is not enough. You may be super-excited about this new inclusion in your organization. But even if you have got all the right tools configured, you are wrong if you’re not in your personal development.
How to Avoid: If you do not check the reports, you do not know the status of your security posture. Even if the situation was alright last week, the situation could differ today. New vulnerabilities can be published every day. A gaping hole can also be created in your defense if one of your employees had made a configuration mistake. Remember that historical returns do not guarantee future returns, especially in financing businesses. That is why scanner results should constantly be reviewed every week, if not daily.
- Reason 4 – Not Utilising Great Automation
DevOps can be implemented in a better way with purposeful automation. DevOps need to take automation across the development lifecycle comprehensively. This involves continuous delivery, integration, and deployment for quality outcomes and velocity.
How to Avoid: The organization must look at the complete automation of the CD and CI pipeline as purposeful end-to-end automation is essential for the successful implementation of DevOps. However, organizations must identify a variety of opportunities for automation across processes and functions. This will reduce the requirement for complicated integrations, which will need new management in various format deployments.
- Reason 5 – Implementing Wrong Ways for Measuring Project Success
The DevOps Promises faster delivery. But the DevOps program is an utter failure if the acceleration comes at the cost of quality.
How to Avoid: The enterprises that want to deploy DevOps must use the right metrics to understand the growth and success of the project. For that reason, it is essential to consider the metrics and align success with velocity. Please focus on the correct parameters as it is crucial to driving automation decisions intelligently.
These are some of the significant reasons why DevSecOps fail. Now that you know these reasons, you can avoid making mistakes and get the most of what DevOps security offers for your organisation.
(Disclaimer: The article is sponsored and hence, promotes some commercial links.)