Archive for the ‘App Security’ Category

Mobile app creation: Why data privacy and compliance should be at the forefront

A user’s personal data can be anything from their user name and email address to their telephone number and physical address. Less obvious forms of sensitive data include IP addresses, log data and any information gathered through cookies, as well as users’ biometric data. Any business whose mobile app collects personal information from users is […]

Big bad decryption bug in OpenSSL – but no cause for alarm

The bugs

OpenSSL, as its name suggests, is mainly used by network software that uses the TLS protocol (transport layer security), formerly known as SSL (secure sockets layer), to protect data in transit. Although TLS has now replaced SSL, removing a huge number of cryptographic flaws along the way, many of the popular open source […]

APIs Create New Security Headaches

How APIs Create Security Risks

The proliferation of APIs that power applications, microservices, containers and serverless functions has created one of the greatest sources of security risk that businesses face today. The reason is simple: It’s not the development team’s responsibility to handle security. At the same time, however, security operations teams don’t have visibility […]

How to Reduce Risk with Runtime Application Self Protection

Instead of waning, cyber attacks continue to rise as the years pass. Several reasons contribute to this phenomenon, despite the development and deployment of more robust network and data security platforms. First, the recent spate of disruptive cyberattacks hampering the operations of organizations and government agencies proves that cybercriminals are becoming bolder in perpetrating their malicious activities. These […]

Adopting Zero-Trust for API Security

Why Use Zero-Trust for API Security

Think of APIs as the new network; interconnected in complex ways and with API interactions happening both within and outside of the organization. “Public-facing APIs—for example, consumer banking—are usually a key area of focus when it comes to zero-trust,” said Dunne. “This is due to the obvious risk exposure […]

Google open-sourced Allstar tool to secure GitHub repositories

Google has open-sourced the Allstar tool, which can be used to secure GitHub projects by enforcing a set of security policies to prevent misconfiguration. “Allstar is a GitHub App installed on organizations or repositories to set and enforce security policies. Its […]

The RedMonk Programming Language Rankings

This iteration of the RedMonk Programming Languages is brought to you by Microsoft. Developers build the future. Microsoft supports you in any language and Java is no exception; we love it. We offer the best Java dev tools, infrastructure, and modern framework support. Modernize your Java development with Microsoft. While we generally try to have our […]

APPSEC TESTING APPROACHES

AppSec testing Approach CheatSheet (pdf download)

5 Things a Pen Tester Looks for When Evaluating an Application

PenTest as a Service

The Web Application Hacker’s Handbook

4 Warning Signs of an Insecure App

The “golden age of digital transformation” is upon us, and companies around the globe are scurrying to meet consumers on the digital frontier. For developers, it is a virtual gold rush, as businesses overhaul their infrastructure to meet consumers where they are—their mobile phones. For most, this means developing a mobile app. Unfortunately, the byproduct of […]

Hiring remote software developers: How to spot the cheaters

How are software development applicants cheating?

Prior to COVID-19, many companies had engineering applicants take coding skills assessments in person. On-premises testing allowed employers to control the environment and observe the applicant’s process. Now, employers are providing these assessments (and getting observations) remotely, and applicants (almost exclusively at the junior level) are gaming the platforms. The […]

DevOps didn’t kill WAF, because WAF will never truly die

You can only get rid of WAF if you fully implement security into your development process and audit the process via code reviews and annual tests. But DevSecOps can’t be realistically implemented for all web apps in the enterprise environment, so WAF will stick around because it still has a job to do. The WAF is not […]

Privacy and security in software design

A careful risk and impact assessment is essential to safeguard information security and data privacy. It is needed to reduce as much as possible the vulnerabilities and programming errors that can affect not only the quality of the product itself but can also be exploited to launch […]

Outpost24 report finds Top 10 US Credit Unions all have web application issues

Web Application Security’s Lost Year

Web Application Security More Critical Than Ever

Other findings from the report include: an overall prevalence of high-severity vulnerabilities such as remote code execution, SQL injection, and cross-site scripting; medium-severity vulnerabilities such as denial-of-service, host header injection and directory listing remained present in 63% of web apps in 2020; several high-severity vulnerabilities did not show […]

Digital business requires a security-first mindset

Digital business mindset

While developing a seamless and successful digital mindset with a security strategy is not a simple task, the effort is crucial for the health of a company. Unfortunately, security tools haven’t always gotten the best rep with developers, who feared the tools would slow them down, reflect poorly on their work, or […]

Securing Dev Environments is Security Leaders’ Top Concern

Applications Are Everything and Everywhere – Does Whack-a-Mole Security Work?

The SolarWinds digital supply chain attack began by compromising the “heart” of the CI/CD pipeline and successfully changing application code. It highlighted the major challenges organizations face in securing their applications across the software development lifecycle and is driving increased attention at the highest levels of enterprise and government. In fact, Reuters recently reported that the Biden administration […]

The growing threat to CI/CD pipelines

Today, rapid digitalization has placed a significant burden on software developers supporting remote business operations. Developers are facing continuous pressure to push out software at high velocity. As a result, security is continuously overlooked, as it doesn’t fit into existing development workflows. The way we build software is increasingly automated and integrated. CI/CD pipelines have […]

Building Immunity at AppSec Insertion Points

The fundamentals of a formal, effective application security plan should start with business objectives, tools, processes and most of all, data, with the primary driver for securing applications focused on protecting data. While it is important to surgically address the insecurities in a mission-critical application, it is equally important to continuously upskill the development and […]

DevSecOps as a culture – What you need to know

DEVSECOPS

Enough about culture and on to DevSecOps. What kind of culture allows it to thrive? An important aspect is having a better understanding of the motivators of and detractors in each element. I won’t review those here because they are covered well in this article: https://www.stackrox.com/post/2021/02/devops-vs-devsecops-heres-how-they-fit-together/ But I will say that this topic brings to mind […]