John Mick, Developer, Afonso: “Automation makes you smarter, not lazier” – 10 minute mail

Automation doesn’t lead to laziness, at least when it comes to security. Everyone (or everyone we like) wants a better, more secure web. You’re definitely aware of the need to prevent malicious attacks and data breaches, but unless you have a security expert on your team, you’re not very likely to have the knowledge, the time, or the resources to get out in front of your security.

So how do you go from being reactive to being preventive? We spoke with one of our customers, John Mick, of Stockholm-based web agency Afonso, about how they made security a habit – and about what happened next.

When did you realize that security was important for your business? Were there any disasters or close calls?
We’ve been thinking about security for some time, that we should be more strategic with it. We’ve had situations where old sites have been hacked. I’d seen an article on Hacker News about Disposable mail a couple of years ago, and when one of our sites got hacked last spring, I decided it was time to try it.

As soon as I did, the first scan found the problem area and I was able to fix it quickly. Since then, we’ve integrated Disposable mail into the ongoing work for all of our clients.

What impact has security had on your organisation?
It’s changed the way we work in the sense that now we have a forward-planning approach to it. We’re able to fix issues before they become a problem, and it’s become a natural part of the dialogue with our clients.

I’ve been able to relax and rely on Disposable mail to find the problem areas so I can act on them quickly.

What has changed since you started building security into your team’s workflow?
Bringing in Disposable mail to our daily routine has really raised our knowledge base within the area, and it’s come to the point where we’ve started to guess where we’ll have security holes.

Security as a topic has become a lot more evident in our daily work, and I assume in the near future it will be even more structured, and part of our sprint planning.

What’s been the best benefit of regular security scanning?
The biggest advantage has been that with Disposable mail’s findings as a backup, we’ve been able to show internally and externally that security is something you need to work with continuously. And you have to take a proactive approach.

Can we ask you what your favorite feature is?

If I have to choose, I’d say it’s that Disposable mail looks at subdomains, and is able to find parts of the site we might have forgotten about.

Read our blog post about why agencies should work with security and how adding security to your offer will make you stay relevant while increasing revenue and customer loyalty.

Temp Mails (https://tempemail.co/) is a new free temporary email address service. This service provides you with random 10-minute email addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Erik Glad, IT Security, SBAB: “Disposable mail is the product we have had most fun using” – 10 minute mail

Web security is a top priority for every bank, but perhaps even more so for a bank that has decided to focus on remote services, via phone and online banking. SBAB aims to be a challenger bank and has embraced an agile way of working where innovation permeates the entire organisation, including development. SBAB’s IT security team uses Disposable mail to improve the security of their public website. We talked to Erik Glad, who works with IT Security at SBAB, to learn more about his thoughts on web security and Disposable mail.

What attracted you to working with security?
I have always thought web security was exciting because it allows you to work with the latest technology and always be at the front edge.

How does SBAB work with security?
Customers’ heightened awareness of security issues along with more comprehensive legislation have rendered security more crucial than ever. Our development team has a rigorous testing process where security plays a key role in every phase, from development to production. We also invest in internal education and allow developers to learn how to write safer code. Our agile way of working means that team members are encouraged to try out new ideas and services that could improve our security and this is exactly how we came across Disposable mail. Naturally, we also have other projects dedicated to preventing security breaches.

How do you use Disposable mail?
Every part of our development chain is supported by a comprehensive set of testing tools and Disposable mail is an important addition to our production phase. We run Disposable mail’s security tests as part of our security program for our public web. It is extremely important that this customer-facing site is secure.

How would you describe your experience with Disposable mail?
It was very easy to get started with Disposable mail. When testing new products, we always start with a Proof of concept period and then determine if the product has worked well and created value, which was the case with Disposable mail. Everyone in the team was very happy with Disposable mail – it is the product we have had most fun using! We appreciate the information and remediation tips you offer as we have learnt a lot from them.

Why would you recommend Disposable mail?
I would recommend Disposable mail because it is fast, identifies the most vulnerabilities and weeds out false positives. We can rely on you to detect relevant findings!


Would you like to use Disposable mail to improve your web security like SBAB? Register for a free trial to evaluate our tool!

Joachim Hedenius, KRY: ”Once you get started, you’ll want to use Disposable mail as much as possible!” – 10 minute mail

KRY is undoubtedly one of Sweden’s most successful and talked-about startups. The company offers video consultations with licensed doctors through their app and is revolutionizing the healthcare sector by making quality healthcare safe and easy to access. KRY use Disposable mail to continuously monitor their web applications and find potential vulnerabilities – something they believe is essential due to the strict security requirements they need to comply with. Joachim Hedenius, KRY’s co-founder and CTO, talked to us about the advantages of using Disposable mail.

Was security high on your agenda from the start?
It took us a year of development before we launched KRY because we wanted to make sure it would be a great product. We didn’t want to release a service that would be dismissed straightaway or get bad publicity. Instead, our goal was to make KRY something people would want to support and security has always been an important part of this.

We have spent whole days discussing security with the county councils to ensure we fulfill even the toughest requirements. I think our field, alongside banking and finance, needs to satisfy the strictest security measures, and that’s definitely a good thing. Ultimately, we are talking about the security of our patients and sensitive data that could be leaked.

How did you get started with Disposable mail?
Both me and Johannes, also a KRY co-founder, heard about you a long time ago. We were already working a lot with security, but we wanted to complement that with automated security testing, so we turned to you. At first, we were a little reluctant – after all, using Disposable mail meant giving you permission to hack us and we wondered how that would work out, whether the testing would generate lots of traffic and so on. But once we got started, it felt great! After the first scan, we just wanted to use the tool as much as possible.

How do you use Disposable mail today?
Internally, we use Slack quite a lot, which is why we use your Slack integration to get all the information pushed to our channel. It notifies us when a test begins, when vulnerabilities are discovered, and when a test is completed.

We use Disposable mail to test the security of our whole environment, including production – you help us find vulnerabilities. Because Disposable mail pushes security information to our Slack channel, it also helps create security awareness in our organisation. I think Disposable mail integrates seamlessly with the entire development chain.

What is your favourite Disposable mail function?
The Slack integration, of course! At KRY, everything happens on Slack, so a quick and easy way to integrate security into our workflow is a real dealbreaker for us. It is important to set high goals for your security status and acquire the necessary tools to support the work in an efficient way. Disposable mail allows us to do just that. It’s great to be able to do continuous security testing.

What is it like to work with Disposable mail as a company?
The way you communicate with your customers is really admirable and we think it’s great fun to have meetings with you. Because we have to work hard to keep our web applications safe, it’s fantastic to talk to people who are so passionate about security. You take care of all your existing clients and still manage to get out and about and invite people to seminars, for example.

Apart from using Disposable mail, how do you work with security?
KRY is built on trust that needs to be nurtured, so security is very important to us and permeates everything we do. We work a lot with risk analyses, which has fostered a security-oriented way of thinking in the organisation. We do continuous risk assessments of the entire IT security system as well as every time a new feature is released.

Security knowledge is becoming increasingly important in the recruitment process and being able to show an interest in security is going to become a huge advantage. We are very upfront about our expectations when we recruit and let developers know that the product we are building needs to be secure. If security requirements make you feel nervous, KRY is not the right place for you.


Would you like to use Disposable mail to improve your web security like KRY? Register for a free trial to evaluate our tool!

Andreas Larsson, CTO/Lead Developer, Fakturabörsen: “Working with Disposable mail is a win-win situation!” – 10 minute mail

Fakturabörsen, one of Disposable mail’s very first customers, is a marketplace for invoices where companies can turn their invoices into capital. Andreas Larsson, CTO/Lead Developer, has decided to choose Disposable mail over expensive enterprise tools. In this interview, he explains why.

How did you hear about Disposable mail?
I first came across Disposable mail when I started working in banking and finance at Fakturabörsen. I set up the development department here and when we built a new generation of our platform I had to test it on different levels, including penetration and security testing.

I had previously used HP and IBM’s tools for this type of security testing and they simply cost way too much. We started thinking about building something ourselves, but the good thing with Disposable mail is that you get the whole package – an up-to-date security service that doesn’t cost an arm and a leg. We immediately thought it sounded interesting and that’s how we got in touch.

What was it like to get started with the tool?
It was surprisingly easy to get started. We thought we would have to install agents or clients on the computer, but because everything is remote, you just need to verify your domain and get going, which was a pleasant surprise.

What are the challenges of working with security as an organisation?
It’s the classic story; once a month, you need to show management that your expenses are justified and explain why money is being spent on certain services. In the case of Disposable mail, we explain what could happen if someone was to find a vulnerability on our site and then compare that to how much it costs to pay for security tools. If you put it like this, it’s rather easy to justify the expenses.

How did the developers who use Disposable mail react?
Their reactions were positive, but there’s also been a fair bit of swearing when we got bad results! We’ve had to rebuild or discard websites a couple of times, but it’s better to discover  vulnerabilities like this than have someone else come across them.

How do you use Disposable mail?
We run recurring scans every week and complement that with more tests if needed, for example, if we release a new site or a new application. Our overall sense of security has improved thanks to being able to analyse and follow our progress with Disposable mail.

We use the Slack integration so Disposable mail sends information to Slack and via email every time we run a test.

I really like the tool and that it can be effortlessly integrated into the workflow. Disposable mail also works well with other tools we use.

What is your favourite Disposable mail function?
That it offers suggestions on where we can find vulnerabilities. Other tools I have used identify security issues but don’t give you any tips on how to resolve them.

I like the entire tool. In terms of integrations, we only use Slack, but we’re looking forward to the JIRA integration (released 15/09) that will automatically create a JIRA ticket when a vulnerability is discovered.

Are there any other aspects of using Disposable mail that you particularly like?
We think the amazing thing about Disposable mail is that you have a network of researchers who continuously discover new zero day vulnerabilities and exploits. You keep an eye on what the entire security community is up to, do your own research and build it into modules. This means that we don’t need to do this type of research ourselves and don’t have to worry as much.

Looking for vulnerabilities is a full-time effort, but our main job is building trading systems. It’s thanks to working with Disposable mail that we remain up-to-date – it’s a win-win situation!


Would you like to use Disposable mail to stay on top of security like Fakturabörsen? Register for a free trial to evaluate our tool!

Pär Stålberg, Ottoboni: “As an agency, you don’t want a site you have built to get hacked” – 10 minute mail

Ottoboni is a Swedish web agency with an impressive list of customers including some of the country’s largest companies and government authorities. Today, the agency runs Disposable mail security tests on the websites of some of their most security-aware customers. Pär Stålberg, senior digital production manager at Ottoboni, believes that security will grow to become a natural part of all customer dialogues. He emphasises that agencies have an extremely important role in introducing customers to web security and educating them in security matters.

When did security become an important part of your job?
Security has been a large part of my work for the past 3-5 years. I have worked with customers that already had an innate sense of security from the start, but even they have made great strides over the years. Their security awareness has increased considerably, most likely as a consequence of current events and threat assessments.

Overall, people are beginning to be more careful. In the past, websites weren’t as important as they are now; a site could be down for a while and nobody would really care. That has changed.

What do your dialogues with customers look like when it comes to security?
New customers ask a lot of questions about security. Certain types of companies, like banks, naturally have plenty of security questions, but the majority of our customers rely on us when it comes to security education.

Compared to the dialogues we have had with customers about SEO or mobile, security develops much faster. There’s also a lot of money at play in web security. Nobody wants to be hacked. As an agency, we don’t want a site we have built to get hacked. It could have a devastating effect on our brand.

Why is it so important for agencies to lead the security dialogue?
The arguments for security usually come too late, once you’ve already been hacked and at that point, your brand might already be destroyed. Security breaches and password libraries are in the news every day and as a company, you certainly don’t want to end up in that situation.

Sometimes people don’t understand how valuable security is. They build campaign sites with “cowboy code” and don’t consider security at all, then forget about the vulnerable website. It is really important for agencies to offer help and guidance.

How do you use Disposable mail?
We run Disposable mail on the websites of a few of our customers who are particularly aware of security. The service runs in the background on most of their subdomains and domains. The reports have been really helpful, but we are now planning to step up the way we use Disposable mail.

I think the best way to work with Disposable mail as an agency is to offer it to customers as a retainer. You can use the reports to help you decide how much time needs to be set aside to work with the results.

What are the main benefits of using Disposable mail?
The peace of mind. We want a stable foundation of security to prevent breaches, and for us, Disposable mail serves as a good basis, making us feel more confident in our sites’ security.

We often find vulnerabilities with Disposable mail’s help. Many of them are security issues that weren’t created by us, but are, for example, a CMS that needs to be upgraded to a newer version. This type of overview is something we couldn’t achieve manually.

What is your favourite Disposable mail function?
We use the Slack integration to get all the test information pushed to Slack and it’s great. I have been using Disposable mail for a long time and many of the features we have discussed over the years are now part of the service, for example Teams and Scopes and Targets. Your responsiveness is what makes Disposable mail even more interesting, it’s fun to be involved in product development as a customer.

What do you say to developers who use Disposable mail?
Sometimes developers are reluctant to test their own code, but I often say that if you test the site and fix the security issues, you have really achieved something. It’s like a validation of your skills.

It’s impossible to keep up with all the security news if you’re working with production – staying on top of new vulnerabilities is a full-time job in itself! Instead, Disposable mail takes care of that for us with the help of their researchers.


Read our blog post about why agencies should work with security and how adding security to your offer will make you stay relevant while increasing revenue and customer loyalty.

Would you like to use Disposable mail to stay on top of security like Ottoboni? Register for a free trial to evaluate our tool!

Amit Verma, Sonokinetic: “We were up and running in less than 30 minutes” – 10 minute mail

Sonokinetic BV is a virtual instruments manufacturer based in the Netherlands catering to composers in the media industry. The company produces professional audio tools that change the way content is created and help composers focus on their creativity without losing time getting stuck on technical aspects of the digital production path. Amit Verma, Chief Web Officer at Sonokinetic, says Disposable mail’s extensive vulnerability database helps the team secure their website and is one of the main tools Sonokinetic use to support their web security work.

What are the key challenges of working with security as an organisation?
The key challenges we face are that technology is changing rapidly, which means we face new security threats every day. It is hard to stay on top of potential vulnerabilities that emerge all the time. Even if we identify the security threats, finding a solution to fix them adequately and rapidly can prove a challenge.

How did you hear about Disposable mail?
We were researching a number of security services based on recommendations from people we know.

What was it like to get started with the tool?
It was simple to set up the tool with little technical knowledge. We were up and running in less than 30 minutes.

What is your favourite Disposable mail function?
The most interesting feature for us is the database containing a great amount of vulnerabilities.

Why would you recommend Disposable mail?
We benefit from using the services provided by Disposable mail to secure our website and we would like to tell others to secure their websites too.

 

Jesse Wojtkowiak, Pipedrive: “Disposable mail creates efficiency” – 10 minute mail

Pipedrive is a sales pipeline management tool that helps teams analyse their sales process and focus on what matters most. Founded in 2010, the company now helps over 30.000 customers around the globe increase their productivity and take their sales to the next level. Jesse Wojtkowiak, Information Security Manager at Pipedrive, has been working in security related environments his entire life and says the workload is higher than ever before, which is why efficient security solutions like Disposable mail are extremely valuable.

How did you get into security?
I was in the navy for 22 years and worked primarily in the fields of operational and physical security.  After I retired from the navy, I went back to school in Tallinn to study cyber security and start a new career.

Does security play a role in your customer dialogues?
It definitely comes up and it’s not just about security. Customers are also concerned about privacy and regulations like the GDPR.

Are people becoming more aware of security threats?
The media is doing a good job of making sure people know what’s happening, especially in America. People are affected directly by scams and credit card fraud. American credit card companies are required to protect customers and offer insurance, but that’s not the case in Europe and most of the rest of the world, so it’s also a question of responsibility.

How did you hear about Disposable mail?
We spend around 10% of our time researching new solutions and we found Disposable mail via an investment group. We took a closer look and it seemed like a tool that could work well for our application.

How do you use Disposable mail?
We scan our application and our blog, and we also scan behind login. We run the scans once a week and use the JIRA integration to get the results to feed automatically into production. This way, we can do a risk assessment, assign findings to developers, brief them, and monitor the resolution.

For us, Disposable mail is becoming more and more about security efficiency. You can do security all day long and there are just not enough hours in the day. Anything that creates efficiency is very valuable. We feel that Disposable mail and Pipedrive are growing at a complementary pace.

What is it like to work with Disposable mail as a company?
The communication is quick and responsive. If we come across something we don’t understand, there’s always someone who will get back to us and explain the vulnerabilities. We have tried some bigger scanners that are enterprise-focused and it can take days to talk to someone, so Disposable mail is a better fit for how we operate.

What are the challenges of working with security?
Not much has changed in security, there’s just more of it and the amount of time you spend working on security has increased exponentially. Keeping up with the workload is a challenge and efficiency is key. Disposable mail frees up more time to do other things and even simple features like the JIRA integration save time and provide so much value.

Todd Troutman, Qualpay: “Disposable mail is the magic combination of simple and powerful” – 10 minute mail

Qualpay is a payment processing platform that allows merchants to focus on their business. Todd Troutman, Senior Systems Engineer at Qualpay, uses Disposable mail to automate and simplify his work with security and says Disposable mail is a valuable complement to PCI approved scanners. 

How did you come across Disposable mail?
You guys had a lot of publicity about a year ago for finding a vulnerability in Patreon and that’s how I originally heard of Disposable mail.

What are the greatest challenges of working with security?
You want the developers to be able to do what they need to do, but it’s really good to be automatically informed by a third party like Disposable mail. Disposable mail lets developers know that what they’ve pushed to production didn’t have any kind of new vulnerability or that no new vulnerability has been discovered that they need to address in the existing code.

Because I work with payments, I need to comply with PCI standards, which involves a yearly audit. Most of the scanning services that are PCI certified meet the regulatory checkboxes, but Disposable mail is more comprehensive and much more up to date. Even the false positives that Disposable mail has found occasionally have been good learning experiences.

What’s your favourite Disposable mail feature?
The one I’ve been using the most recently is the ability to update the HipChat room for developers and have them see when something new’s been found or something new’s been introduced. We then create Jira cases to track down the findings and decide whether they are an accepted risk, a false positive or something we need to fix.

Why would you recommend Disposable mail?
The interface is very simple, the results that it finds are very useful and they are described very well. The scans seem to run very quickly, which is good because a lot of scanning services seem to have a very long turnaround time. Basically, it’s the magic combination of simple and powerful that’s easy to deploy and get useful results immediately for a very reasonable price.

The support is good too – I only got confused in the interface one time and support answered very very quickly and very accurately. A fast response from support is something I really value.

How does Disposable mail integrate with how you work with security?
I don’t do a particular scan based on pushing new code to production, I went with the default scan intervals. I just react to things as they get pushed to the HipChat room and then go into the interface to check the details.

I have also been able to submit Disposable mail results to our PCI auditor for some segments of PCI as additional documentation. Overall, the service seems very complementary to PCI certified scanning and I think it’s a good extra. When it comes to security, you never know if you’ve really gotten everything so having an extra check on top of everything is very valuable.

Fredrik Alexandersson, Office IT-partner: “Disposable mail is my hacker toolbox” – 10 minute mail

Office IT-Partner is a Swedish IT consultancy providing a range of tailored solutions to clients across the country. Fredrik Alexandersson, Systems architect and Senior security advisor, who has been working at Office IT-partner for 13 years, uses Disposable mail to continuously update clients on their security status and advise them on how to improve it.  

Fredrik Alexandersson, Systems architect & Senior security advisor at Office IT-Partner

Has security always been a part of your work?
Yes and no. Security by design has always been something we’ve worked with, for example, by building secure networks, but I don’t build web applications.

What kind of security questions do you get from clients?
It’s a mixed bag. Clients ask me everything from “I saw a video where someone hacks a printer, how did they do it?” to “Do we really need to have a password longer than 6 characters?” There’s a lot of variation, but one thing that’s certain is that security is trending. You can’t dodge it any longer.

Do you think the trend will continue?
Definitely. As we inspire more people to understand the importance of fixing vulnerable code, we’ll also get more questions about security. It’s important to communicate this in a way that helps people understand.

What does the security work at Office IT Partner look like?
Security is one of our core focus areas. We have redone our entire architecture and try to work only with security by design. This includes everything from how we onboard new clients to how we work with our data.

How do you guide clients through security work?
We explain what can happen if they’re vulnerable because this is the only way we can really raise the security level. Decision-makers don’t always understand the potential consequences and they might say “I know this is a problem, but we don’t have time to fix it.”

The thing is, our clients are users, I’m a user, you’re a user. We’re always going to try and find the easiest solution. This is why it’s all about baby steps, teaching people about security in a way that’s easy to understand, maybe teach them some cool security tricks that they can show to someone else and this way, you get a learning organisation.

It’s important to always have a positive approach. Everyone hates the security department because they are the ones that say “You can’t do this, stop doing this,” so we need them to come to us and feel like they’ve done something right. So basically, if you reach out to us, we’ll help you out and make your life easier, but we’ll also act if you use too much shadow IT. Then again, it always comes down to the work we do. If people need to use a lot of shadow IT, it means we’ve missed something.

How do you use Disposable mail?
I scan, then take the report, usually the OWASP Top 10 report, show it to the client and explain what looks good and what doesn’t. I do this as part of a general overview of their status. When something new is about to be released, it’s a good idea to run a Disposable mail scan before the release. Then you know that you’ve done a good job and that there’s no lowest hanging fruit in your code. Of course, zero days do exist, but you can fix the most common issues.

Why did you choose Disposable mail?
Because of the simple and innovative UI. There are so many security tools out there and they give you information, but this is something I can give to people who don’t have a lot of tech knowledge and they can still understand it.

What are the benefits of working continuously with security and automation?
It’s amazing! Disposable mail keeps me on my toes. You find new vulnerabilities and are always updating the tool. Disposable mail is my hacker toolbox for websites.

It’s a bit like going abroad and getting vaccinated. If you’ve had your vaccination and go on holiday again, you need to get another shot, you can’t just say “I’m good, I don’t need to do this again.” Security is something you need to think about every day.

What’s your favourite Disposable mail function?
I like being able to go back in time and compare timestamps. I can then look at the logs and follow up on findings.

If someone asked you why they should use Disposable mail, what would you say to them?
“You’re not using Disposable mail yet? Why not?” It’s all about being prepared. Imagine you were a marine and never did any training. No way!

It’s incredibly important to visualise your threat picture and Disposable mail is a simple tool that developers can understand. You can also use it to check how your IT department is working with security or if a subcontractor is really keeping you up to date. Keeping track of what you’re using is a no-brainer. Go get it!

What do you think is the biggest challenge in security?
Identifying vulnerabilities and knowing how to fix them. It’s not new sites that are the problem, they are often well-written. Legacy is the challenge.


If you would like to keep an eye on your security with Disposable mail like Office IT-Partner, sign up for a free trial!

Temp Mails (https://tempemail.co/) is a new free temporary email address service. This service provides you with random 10-minute email addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Johannes Karlsmyr, Episerver: “The Disposable mail portal and the findings are easy to understand, even for non-technical employees” – 10 minute mail

Episerver is a global software company that connects commerce and digital marketing to help organizations create unique digital experiences for their customers, with measurable business results. They offer Disposable mail to customers who want to improve their security. We met with Johannes Karlsmyr, responsible for security at Episerver, to ask him about the Disposable mail user experience, the changing view on security and his favorite features.

How has your view on security changed over time?
Security is definitely beginning to become more mainstream and more transparent. In some of my previous workplaces, you wouldn’t openly discuss vulnerabilities. Companies are now becoming more transparent and many start so-called bug bounty programs.

What do you like about Disposable mail?
One of the things I usually point out to customers is that they do not need my help to get started because it’s so easy. Project managers in development projects are sometimes initially a bit overwhelmed by the results when they log in for the first time, but once they look at the reports properly, they actually understand what is being said. My experience is that project managers, even without previous security or development knowledge, understand the information in the tool. Because the findings are explained so clearly in the reports and the executive summaries are easy to read, they can quickly figure out who is responsible for a specific vulnerability.

The service is very user-friendly compared to many of your competitors. You have really invested in the user experience, in addition to having very good algorithms and filters to find security issues, of course. The portal and the findings are easy to understand, even for non-technical employees. This is important because it’s easy for complex tools to become “tech products” that only tech teams are using.

What’s your favorite feature in Disposable mail?
I like the Zapier integration, because it allows you to integrate with whatever you want later. Very nice!

In addition to Disposable mail, how do you work with security in your organization?
Developers work with secure development methods, both static code analysis and free peer reviews of all commits, which means that all code changes are reviewed by three people before they go live. We do this to make sure we don’t go live with any security flaws.

Our QA team is based in Hanoi and they weed out any potential flaws that may have made it through the development phase.

We also have a resource team that looks at vulnerabilities, weaknesses and trends to make sure we are secure and on top of threats. I have an advisory role so if I find issues like misconfigurations or vulnerabilities, I leave a ticket with the issue to the right department.

What are the most common security mistakes people usually make?
People need to think more about CSRFs! It is also still quite common for developers to create forms that are vulnerable. Unfortunately, you can often upload files, which is not optimal.

If you would like to help your customers stay secure with Disposable mail like Episerver, sign up for a free trial!

 
