IT Security FAQ 9: What is the difference between a firewall, antivirus and services like Disposable mail? – 10 minute mail

Cyber security covers a wide spectrum, and its tools address vulnerabilities in different ways. Antivirus is the traditional method, where a program looks through all files on your computer or software, looking for bad patterns. If there is something in a file that the antivirus doesn’t recognize, or if the file is trying to send or reach information in a way that doesn’t make sense, it will notify the user.

A firewall is more like a doorkeeper. It keeps track of the traffic going in and out of the computer or network. You can have it installed in your router at home, for example. If something is trying to access your network or computer, like a virus or a trojan horse, it will block the malware.

Comment from the expert:
“Services like the one we provide at Disposable mail take an opposite approach to antivirus and firewalls. Instead of blocking bad things, we try to hack your site. It’s like someone trying to break into your house just to let you know that ‘hey, there’s a way to get in here that you should look at getting fixed!’ It’s the method of white hackers, and also the method that most IT-security consultants use. You try and hack a website to identify its vulnerabilities. At Disposable mail we’ve automated this process and built a type of ‘burglar robot’,” says Johan Edholm at Disposable mail.

Want more IT security information? Don’t miss out on the other parts of our IT Sec FAQ series!

Temp Mails ( is a new free temporary email address service. This service provides you with random 10-minute email addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Security-focused Work Routine in 7 Steps – 10 minute mail

Security is not only a competitive edge, it’s a must. Companies will soon be compelled to implement a holistic security approach to keep up with the user demand of more secure services. But staying on top of web security in an ever-changing environment can be a great challenge for anyone. We believe that the most successful way to stay safe as a company is to integrate security into the development process. If you seamlessly add security as a continuous element during planning, development, testing and production, you are ahead of many other companies.

However, integrating security manually into all these phases would be very time-consuming and problematic, which is why you need to add systems and services that monitor the development cycle for you, so that you do not need to spend all your time worrying about security. Disposable mail is an example of a security service that works uninterruptedly in the background, analyzing your website and reporting back to you with actionable reports of the identified security issues. It fits seamlessly into the development cycle, so that your dev teams do not need to spend a lot of time setting up another complicated new tool.

Follow our step-by-step-guide to more security-focused work routines with the help of Disposable mail!


It is worth repeating: security is not a one-man show, so make sure to invite as many stakeholders as possible into the process. It will make it easier to raise awareness and change the company mindset to work more actively with security. Talk about security in a way that everyone in the organization understands. Highlight the benefits that come with a security-conscious organization.

In discussions with the CMO, you might want to mention how you will stay one step ahead of the competitors, increase customer loyalty and avoid the negative PR that a hacker attack can cause. When talking to the Head of Development, team leaders or developers, try pointing out how easy it is to integrate security services like Disposable mail into developers’ existing sprints and agile work routines. Clarify that the (already busy) team will not be swamped with yet another service. When speaking to the CIO, point out how all studies show that security and automation are two important and growing areas to invest in to keep your IT infrastructure safe. Everyone in the organization will benefit from adopting a security-focused way of working.

It is useful to review your current situation already in the planning phase. Go over your entire IT infrastructure and re-consider what kinds of facilities and services you need. Based on your conclusions, you will need to consider if you have the right internal processes in place and if you have sufficient tool support to identify, organize and prioritize your security work.

This guide is, however, focused on implementing web application security, so let’s move on to that.

We highly recommend using a dedicated service to continuously monitor your website security. Many of the solutions out there do not have web security as their core business, and therefore do not update their services with new vulnerabilities frequently, which is essential in order to stay as safe as possible. When choosing a web security service, make sure it covers the OWASP Top 10.

Disposable mail specializes in web security and if you choose to use us to monitor your website’s security, our customer success managers are more than happy to help you with training, account setup and making you successful with our service. Just send us a short note at hello[at] if you want help to get started or sign up for a 14-day free trial. We have tons of best practices from working with all types of industries and organizations and can easily help you navigate through the security jungle.

The first step when setting up your Disposable mail account is to define your target and its scope. Disposable mail allows you to configure test profiles to help you make sure that you cover all aspects of your application. As an example, you can have one profile where you log in to the tool and one profile that examines the site as an external, non-logged in, visitor. The tests can also be set up differently to match predefined goals.

There are a few more things to think about when setting up an account in order to get the most out of Disposable mail. For instance, to scan your entire domain, you will need to add your target(s) without including “www”. If your domain is “” and you want to scan the entire domain and not only the top domain, you should add “”, and by doing so, we will also cover your site’s subdomains. This results in a larger scope and therefore more secure coverage.
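The scoping rule described above, as an added example that is not Disposable mail's own code. It assumes a target covers itself and every hostname beneath it, compares whole DNS labels rather than string suffixes, and uses the constructed name `example.test` because the page's own domain is not shown.

```python
# Added illustration: the matching rule and all hostnames are assumptions.

def normalize(host: str) -> list[str]:
    """Lower-case, drop a trailing root dot, and split into DNS labels."""
    return host.strip().lower().rstrip(".").split(".")


def in_scope(target: str, host: str) -> bool:
    """True if host equals target or is a subdomain of it.

    Comparing whole labels (not str.endswith) keeps look-alike names such
    as 'notexample.test' out of the scope of 'example.test'.
    """
    t, h = normalize(target), normalize(host)
    return len(h) >= len(t) and h[-len(t):] == t


def coverage(target: str, hosts: list[str]) -> dict[str, bool]:
    """Map each candidate hostname to whether the target would cover it."""
    return {h: in_scope(target, h) for h in hosts}


# Constructed inventory of hostnames for one organisation plus two look-alikes.
HOSTS = [
    "example.test",
    "www.example.test",
    "staging.example.test",
    "api.eu.example.test",
    "notexample.test",             # shares a string suffix, not a label
    "example.test.other.test",     # target appears as a prefix only
]

if __name__ == "__main__":
    for target in ("example.test", "www.example.test"):
        print(f"target: {target}")
        for host, ok in coverage(target, HOSTS).items():
            print(f"  {'in ' if ok else 'out'}  {host}")
```

Running it shows that the target with “www” covers only one of the six names, while the bare domain covers four and still excludes both look-alikes.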

For more information on setting up your account, watch our demo.

Disposable mail believes in making security an integrated part of the development process to avoid releasing insecure services to the public. We have therefore made it possible to scan staging sites on local environments by using ngrok. By doing so, your development team can work on resolving possible vulnerabilities during the development process instead of doing it after release. Not only will this result in a less stressful release, it will also make security something that is top of mind when writing the code. As we all know, the IT infrastructure will differ between the staging and production environment. Therefore, we recommend that you perform a test as soon as the release is live.

After going live, you will still need to test your production site continuously for possible threats. New vulnerabilities turn up every day, and Disposable mail adds new vulnerabilities to the scanner on a continuous basis. This is why the default setting when adding a new target to the service is to monitor and scan your site every 7 days.

Security is a continuous effort rather than a one-off project. Your application will most likely not remain static and unfortunately, black hat hackers constantly invent new attack strategies that can make your site vulnerable. Therefore, we recommend you run routine tests with Disposable mail. Our recommendation is to do them on a weekly basis. You can always complement the scheduled tests with one-time scans whenever you need to test certain aspects of your application.

Make sure that the findings are added to the next sprint planning. This way, you make sure to always stay on top of your security as we constantly update the tool to cover new attack vectors.

The security reports are downloadable and easily shared. By inviting your coworkers to Disposable mail and granting them view access, you can enable your whole team to review findings. Being transparent, talking regularly about security and learning from each other is essential to become better and more secure. Do not let the results go to waste; make sure knowledge and best practices are passed on to everyone concerned. Our security expert and ethical hacker Frans Rosén often mentions Google as a great example of security teamwork, as it is practically impossible to find the same vulnerability on Google twice. Try to have the same mindset as them!

In addition to downloading the results in PDF-format, Disposable mail can also be integrated with the most common developer tools such as Slack, HipChat, PagerDuty and Trello. By integrating Disposable mail directly into your infrastructure you will get notified when vulnerabilities are found and keep people informed about the latest security issues on a regular basis.

Stay tuned on our blog, our twitter (@detectify) and sign up for our newsletter through the opt-in field in the sidebar to get more security news. And if you have any ideas, feedback or any comment, do not hesitate to reach out to us to start a dialogue.


Why manual pentesting and automation go hand in hand – 10 minute mail

Security testing has historically been driven by annual compliance audits, but the rapid changes in web security require a new approach. In this article, we explain why manual pentesting and automation are a great fit and how you can combine them to improve your web application’s security.

It’s time for a new approach to web security

Although manual penetration testing and automated security testing are very different, they are not mutually exclusive. On the contrary, combining their strengths results in a broad and effective approach to security.

Performed by skilled security experts who try to compromise a web application, in-depth manual pentests help discover vulnerabilities and identify complex attack vectors. However, the amount of code pushed live every day poses a challenge as it is increasingly difficult for security teams to keep track of the latest threats.

This is where automated security testing comes in. Running against a web application on a regular basis, automated testing tools are continuously updated with new security tests. With the help of automation, vulnerabilities can be discovered before new code is pushed to production.


The benefits of combining manual penetration testing and automated security testing

Increase the frequency of tests and extend their coverage
With the help of automation, developers can identify and remediate security issues quickly and effectively. Emerging threats are constantly addressed throughout the development cycle, keeping the web application safe in between manual penetration tests with scheduled scans.

Improve security knowledge inside the organisation
Knowledge is spread across the development team instead of being limited to a security team or external security experts. This way, security becomes a core value and a natural part of the development process that is considered from the very first line of code.

Maximise the value of manual penetration testing
Security issues are fixed by the development team before new code is deployed to production, allowing pentesters to focus on more complex attack vectors.

How Disposable mail complements penetration testing

Easy to use
Disposable mail’s simple-to-use interface, integrations with popular developer tools, team functionality, and informative reports make it easier for you and your team to work with security.

Made for tech teams by ethical hackers
Whether you work with vendor management, DevOps, development, or security, Disposable mail helps you integrate security into your workflow.

  • Disposable mail’s extensive knowledge base with code examples helps your team learn about security and write safer code.
  • Set up your staging environment using Disposable mail and ngrok.
  • Fix security issues before deploying new code to production.
  • Disposable mail integrates with tools like JIRA, HipChat, Slack, PagerDuty and Zapier, making it easier to track your website’s security status.
  • New tests are added to the scanner on a continuous basis.

Always up-to-date 
To deliver the most up to date and relevant security tests to clients, we have extended our team with external ethical hackers through Disposable mail Crowdsource, our crowdsourcing platform. This enables us to challenge the hacker community to identify new vulnerabilities which we build into our service, covering a wide range of technologies.
