How are software development applicants cheating? Prior to COVID-19, many companies had engineering applicants take coding skills assessments in person. On-premises testing allowed employers to control the environment and observe the applicant’s process. Now, employers are providing these assessments (and getting observations) remotely, and applicants (almost exclusively at the junior level) are gaming the platforms. The […]

You can only get rid of WAF if you fully implement security into your development process and audit the process via code reviews and annual tests. But DevSecOps can’t be realistically implemented for all web apps in the enterprise environment, so WAF will stick around because it still has a job to do. The WAF is not […]

The importance of carrying out a careful risk and impact assessment in order to safeguard the security of the information and the data privacy. In order to reduce as much as possible the vulnerabilities and programming errors that can affect not only the quality of the product itself but can also be exploited to launch […]

Web Application Security More Critical Than Ever Other findings from the report include: An overall prevalence of high-severity vulnerabilities such as remote code execution, SQL injection, and cross-site scripting; Medium-severity vulnerabilities such as denial-of-service, host header injection and directory listing, remained present in 63% of web apps in 2020; Several high-severity vulnerabilities did not show […]

Digital business mindset While developing a seamless and successful digital mindset with a security strategy is not a simple task, the effort is crucial for the health of a company. Unfortunately, security tools haven’t always gotten the best rep with developers, who feared the tools would slow them down, reflect poorly on their work, or […]

The SolarWinds digital supply chain attack began by compromising the “heart” of the CI/CD pipeline and successfully changing application code. It highlighted the major challenges organizations face in securing their applications across the software development lifecycle and is driving increased attention at the highest levels of enterprise and government. In fact, Reuters recently reported that the Biden administration […]

Today, rapid digitalization has placed a significant burden on software developers supporting remote business operations. Developers are facing continuous pressure to push out software at high velocity. As a result, security is continuously overlooked, as it doesn’t fit into existing development workflows. The way we build software is increasingly automated and integrated. CI/CD pipelines have […]

The fundamentals of a formal, effective application security plan should start with business objectives, tools, processes and most of all, data, with the primary driver for securing applications focused on protecting data. While it is important to surgically address the insecurities in a mission-critical application, it is equally important to continuously upskill the development and […]

DEVSECOPS Enough about culture and on to DevSecOps. What kind of culture allows it to thrive? An important aspect is having a better understanding of the motivators of and detractors in each element. I won’t review those here because they are covered well in this article: https://www.stackrox.com/post/2021/02/devops-vs-devsecops-heres-how-they-fit-together/ But I will say that this topic brings to mind […]

A research from Secure Code Warrior has revealed an attitudinal shift in the software development industry, with organizations bucking traditional practices for DevOps and Secure DevOps. The global survey of professional developers and their managers found 70% of organizations recognize the importance of secure coding practices, with results indicating an industry-wide shift from reaction to […]

The Spectre vulnerability, which stems from vulnerabilities at the CPU design level, has been known for over 3 years now. What’s so interesting about this PoC is that its feasibility for leaking the end-user’s data has now been proven for web applications, meaning that it’s no longer just theoretical. The vulnerability in affected CPUs has […]

Remember XcodeGhost? It was a pirated and malware-tainted version of Apple’s XCode development app that worked in a devious way. You may be wondering, as we did back in 2015, why anyone would download and use a pirated version of Xcode.app when the official version is available as a free download anyway. Nevertheless, this redistributed version of Xcode […]

AI and ML technologies have made great strides in helping organizations with cybersecurity, as well as with other tasks like chatbots that help with customer service. Cybercriminals have also made great strides in using AI and ML for fraud. “Today, fraud can happen without stealing someone else’s identity because fraudsters can create ‘synthetic identities’ with […]

“Application security was traditionally very low on CISOs’ priority list but, as the attacks targeting applications increase in frequency, it’s getting more attention,” Eugene Dzihanau, Senior Director of Technology Solutions at EPAM Systems, told Help Net Security. “The application layer is quickly becoming more exposed to the outside world, drastically increasing the attack surface. Applications are […]

If you’ve ever used the Python programming language, or installed software written in Python, you’ve probably used PyPI, even if you didn’t realize it at the time. PyPI is short for the Python Package Index, and it currently contains just under 300,000 open source add-on modules (290,614 of them when we checked [2021-03-07T00:10Z]). You can download and […]

Penetration Testing is a method that many companies follow in order to minimize their security breaches. This is a controlled way of hiring a professional who will try to hack your system and show you the loopholes that you should fix. Before doing a penetration test, it is mandatory to have an agreement that will […]