Archive for the ‘App Security’ Category

Securing Dev Environments is Security Leaders’ Top Concern

Applications Are Everything and Everywhere – Does Whack-a-Mole Security Work?

The SolarWinds digital supply chain attack began by compromising the “heart” of the CI/CD pipeline and successfully changing application code. It highlighted the major challenges organizations face in securing their applications across the software development lifecycle and is driving increased attention at the highest levels of enterprise and government. In fact, Reuters recently reported that the Biden administration […]

The growing threat to CI/CD pipelines

Today, rapid digitalization has placed a significant burden on software developers supporting remote business operations. Developers are facing continuous pressure to push out software at high velocity. As a result, security is continuously overlooked, as it doesn’t fit into existing development workflows. The way we build software is increasingly automated and integrated. CI/CD pipelines have […]

Building Immunity at AppSec Insertion Points

The fundamentals of a formal, effective application security plan should start with business objectives, tools, processes and most of all, data, with the primary driver for securing applications focused on protecting data. While it is important to surgically address the insecurities in a mission-critical application, it is equally important to continuously upskill the development and […]

DevSecOps as a culture – What you need to know

Enough about culture and on to DevSecOps. What kind of culture allows it to thrive? An important aspect is having a better understanding of the motivators of and detractors in each element. I won’t review those here because they are covered well in this article: https://www.stackrox.com/post/2021/02/devops-vs-devsecops-heres-how-they-fit-together/ But I will say that this topic brings to mind […]

70% of organizations recognize the importance of secure coding practices

Research from Secure Code Warrior has revealed an attitudinal shift in the software development industry, with organizations bucking traditional practices for DevOps and Secure DevOps. The global survey of professional developers and their managers found that 70% of organizations recognize the importance of secure coding practices, with results indicating an industry-wide shift from reaction to […]

Using memory encryption in web applications to help reduce the risk of Spectre attacks

The Spectre vulnerability, which stems from vulnerabilities at the CPU design level, has been known for over 3 years now. What’s so interesting about this PoC is that its feasibility for leaking the end-user’s data has now been proven for web applications, meaning that it’s no longer just theoretical. The vulnerability in affected CPUs has […]

Accellion Supply Chain Hack

Serious Security: Mac “XcodeSpy” backdoor takes aim at Xcode devs

Remember XcodeGhost? It was a pirated and malware-tainted version of Apple’s Xcode development app that worked in a devious way. You may be wondering, as we did back in 2015, why anyone would download and use a pirated version of Xcode.app when the official version is available as a free download anyway. Nevertheless, this redistributed version of Xcode […]

Using IAM Solutions to Beat Deepfakes and Fraud

AI and ML technologies have made great strides in helping organizations with cybersecurity, as well as with other tasks like chatbots that help with customer service. Cybercriminals have also made great strides in using AI and ML for fraud. “Today, fraud can happen without stealing someone else’s identity because fraudsters can create ‘synthetic identities’ with […]

Getting your application security program off the ground

“Application security was traditionally very low on CISOs’ priority list but, as the attacks targeting applications increase in frequency, it’s getting more attention,” Eugene Dzihanau, Senior Director of Technology Solutions at EPAM Systems, told Help Net Security. “The application layer is quickly becoming more exposed to the outside world, drastically increasing the attack surface. Applications are […]

Poison packages – “Supply Chain Risks” user hits Python community with 4000 fake modules

If you’ve ever used the Python programming language, or installed software written in Python, you’ve probably used PyPI, even if you didn’t realize it at the time. PyPI is short for the Python Package Index, and it currently contains just under 300,000 open source add-on modules (290,614 of them when we checked [2021-03-07T00:10Z]). You can download and […]

Byron Roosa’s ‘A Look At Jython-Enhanced Reverse Engineering’

Penetration Testing

Penetration Testing is a method that many companies follow in order to minimize their security breaches. This is a controlled way of hiring a professional who will try to hack your system and show you the loopholes that you should fix. Before doing a penetration test, it is mandatory to have an agreement that will […]

Making a Success of Managing and Working Remotely

Record Levels of Software Bugs Plague Short-Staffed IT Teams in 2020

As just one symptom, 83 percent of the Top 30 U.S. retailers have vulnerabilities which pose an “imminent” cyber-threat, including Amazon, Costco, Kroger and Walmart. 2020 is shaping up to be a banner year for software vulnerabilities, leaving security professionals drowning in a veritable sea of patching, reporting and looming attacks, many of which they […]

12 Bare-Minimum Benchmarks for AppSec Initiatives

The newly published Building Security in Maturity Model provides the software security basics organizations should cover to keep up with their peers. As application security methodology and best practices have evolved over more than a decade, the Building Security in Maturity Model (BSIMM) has been there each year to track how organizations are making progress. BSIMM11, […]

40% of security pros say half of cyberattacks bypass their WAF – Help Net Security

There are growing concerns around the number of businesses vulnerable to cyberattacks due to hackers’ ability to bypass their WAF. Source: 40% of security pros say half of cyberattacks bypass their WAF – Help Net Security

Related: Sorry About your WAF – Modern WAF Bypass Techniques

API Security and Hackers: What’s the Need?

There is a considerable demand for data-centric projects, which is why companies have quickly opened their data to their ecosystem through REST or SOAP APIs. Source: API Security and Hackers: What’s the Need? …

10 Most Critical API Security Risks

10 Most Critical API Security Risks [2019] – OWASP Foundation

Related:

Advanced Web Application Scanning with OWASP Zed Attack Proxy (ZAP)

Web Application Security and OWASP – Top 10 Security Flaws

Ethical Hacking 101: Web App Penetration Testing