Ilia Kolochenko

Ilia Kolochenko is a Swiss application security expert and entrepreneur. Ilia holds a BS (Hons.) in Mathematics and Computer Science, and is currently pursuing a Master of Legal Studies degree at Washington University in St. Louis.

Starting his career as a penetration tester, he later founded web security company High-Tech Bridge, headquartered in Geneva. Under his management, High-Tech Bridge won SC Awards Europe 2017 and was named a Gartner Cool Vendor 2017 among numerous other prestigious awards for innovation in application security and machine learning.

Ilia is a contributing writer for SC Magazine UK, Dark Reading and Forbes, mainly writing about cybercrime and application security. He is also a member of the Forbes Technology Council.

The opinions expressed in this blog are those of Ilia Kolochenko and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.

Web application security risks: Accept, avoid, mitigate or transfer?

Web application security is a very hot topic these days. What should CISOs do about the related risks?

Five most common myths about Web security

Running after trendy APTs, we tend to forget about the common-sense approach and holistic risk assessment.

Blackhole exploit kit author sent to jail: Pyrrhic victory for the cybersecurity industry

The imprisonment is a defeat rather than a victory for our industry if we look carefully into the details.

Cybersecurity spending: more does not necessarily mean better

Cybersecurity is not something you can just buy, but something you should thoroughly build.

Why PCI DSS cannot replace common sense and holistic risk assessment

Cybersecurity compliance is not designed to eliminate data breaches or stop cybercrime.

Web Application Firewall: a must-have security control or an outdated technology?

Can a WAF be an efficient security control for modern web applications?

Five rules to conduct a successful cybersecurity RFP

It’s too early to speak about a cybersecurity bubble; however, it becomes more and more difficult to distinguish genuine security companies, with solid in-house technologies, and experts with flashy marketing and FUD (Fear,...

Facebook scandal or can bug bounties replace traditional web security?

Can a crowdsourcing approach to web security testing work for your corporate applications?

How to calculate ROI and justify your cybersecurity budget

If you speak with management about money – speak their language and you will definitely get what you need.

Five reasons why hackers easily get in

A vulnerable web application is a great gift for hackers, as it significantly reduces the time, cost and effort needed to get into a corporate network. Why do companies fail to secure their web apps?

Spending millions on APT defense? Don’t forget about Third Party Risk Management

As a large company, you take on a risk when hiring a third-party consultant: you condemn them to be hacked instead of you.

DDoS attacks: a perfect smoke screen for APTs and silent data breaches

Growing DDoS attacks are more and more frequently used to distract incident response teams in order to hide much bigger security incidents.

How to secure the Internet of Things and who should be liable for it?

How can connected devices be secured before it is too late?

CTF players versus professional penetration testers

I decided to write this post after several friends of mine, CISOs within different organizations, asked me if Capture the Flag (CTF) experience makes any difference when evaluating incoming CVs for internal IT security auditor or...

The Oracle blog mess is missing a global business perspective

A lot of interesting opinions were expressed about the recent blog post by Oracle's CSO; however, not many of them covered the business background of the story. Let's try to fix it.

Continuous monitoring and web security: Are you competitive with Black Hats?

Nowadays security companies have to compete not only with other vendors, but also with sophisticated cyber gangs. If you fail to detect and patch security vulnerabilities in a timely manner, Black Hats will do it for you, but...

Modern APTs start at your corporate website

Have you ever thought about which role your corporate web applications may play in an APT attack against your company?

Cybersecurity and geopolitics are intertwined

Have you ever thought about how the global economy and geopolitics influence cybersecurity and cybercrime? Some people may think that these are two completely different domains; however, they are strongly and permanently related.

Think your website isn’t worth anything to hackers? Think again

Many people think that if their website is not an e-banking application or e-commerce platform, hackers have nothing to steal. They think that a hacked website can be quickly and easily repaired, and nobody will ever remember the...
