A user’s personal data can be anything from their user name and email address to their telephone name and physical address. Less obvious forms of sensitive data include IP addresses, log data and any information gathered through cookies, as well as users’ biometric data. Any business whose mobile app collects personal information from users is […]

The bugs OpenSSL, as its name suggests, is mainly used by network software that uses the TLS protocol (transport layer security), formerly known as SSL (secure sockets layer), to protect data in transit. Although TLS has now replaced SSL, removing a huge number of cryptographic flaws along the way, many of the popular open source […]

How APIs Create Security Risks The proliferation of APIs that power applications, microservices, containers and serverless functions have created one of the greatest sources of security risk that businesses face today. The reason is simple: It’s not the development team’s responsibility to handle security. At the same time, however, security operations teams don’t have visibility […]

Instead of waning, cyber attacks continue to rise as the years pass. Several reasons contribute to this phenomenon, despite developing and deploying more robust network and data security platforms. First, the recent spate of disruptive cyberattacks hampering operations of organizations and government agencies proves that cybercriminals are becoming bolder in perpetuating their malicious activities. These […]

Why Use Zero-Trust for API Security Think of APIs as the new network; interconnected in complex ways and with API interactions happening both within and outside  of the organization. “Public-facing APIs—for example, consumer banking—are usually a key area of focus when it comes to zero-trust,” said Dunne. “This is due to the obvious risk exposure […]

Google has open-sourced the Allstar tool that can be used to secure GitHub projects and prevent security misconfigurations. Google has open-sourced the Allstar tool that can be used to secure GitHub projects by enforcing a set of security policies to prevent misconfiguration. “Allstar is a GitHub App installed on organizations or repositories to set and enforce security policies. Its […]

This iteration of the RedMonk Programming Languages is brought to you by Microsoft. Developers build the future. Microsoft supports you in any language and Java is no exception; we love it. We offer the best Java dev tools, infrastructure, and modern framework support. Modernize your Java development with Microsoft. While we generally try to have our […]

AppSec testing Approach CheatSheet pdf download 5 Things a Pen Tester Looks for When Evaluating an Application PenTest as a Service The Web Application Hacker’s Handbook

The “golden age of digital transformation” is upon us, and companies around the globe are scurrying to meet consumers on the digital frontier. For developers, it is a virtual gold rush, as businesses overhaul their infrastructure to meet consumers where they are—their mobile phones. For most, this means developing a mobile app. Unfortunately, the byproduct of […]

How are software development applicants cheating? Prior to COVID-19, many companies had engineering applicants take coding skills assessments in person. On-premises testing allowed employers to control the environment and observe the applicant’s process. Now, employers are providing these assessments (and getting observations) remotely, and applicants (almost exclusively at the junior level) are gaming the platforms. The […]

You can only get rid of WAF if you fully implement security into your development process and audit the process via code reviews and annual tests. But DevSecOps can’t be realistically implemented for all web apps in the enterprise environment, so WAF will stick around because it still has a job to do. The WAF is not […]

The importance of carrying out a careful risk and impact assessment in order to safeguard the security of the information and the data privacy. In order to reduce as much as possible the vulnerabilities and programming errors that can affect not only the quality of the product itself but can also be exploited to launch […]

Web Application Security More Critical Than Ever Other findings from the report include: An overall prevalence of high-severity vulnerabilities such as remote code execution, SQL injection, and cross-site scripting; Medium-severity vulnerabilities such as denial-of-service, host header injection and directory listing, remained present in 63% of web apps in 2020; Several high-severity vulnerabilities did not show […]

Digital business mindset While developing a seamless and successful digital mindset with a security strategy is not a simple task, the effort is crucial for the health of a company. Unfortunately, security tools haven’t always gotten the best rep with developers, who feared the tools would slow them down, reflect poorly on their work, or […]

The SolarWinds digital supply chain attack began by compromising the “heart” of the CI/CD pipeline and successfully changing application code. It highlighted the major challenges organizations face in securing their applications across the software development lifecycle and is driving increased attention at the highest levels of enterprise and government. In fact, Reuters recently reported that the Biden administration […]

Today, rapid digitalization has placed a significant burden on software developers supporting remote business operations. Developers are facing continuous pressure to push out software at high velocity. As a result, security is continuously overlooked, as it doesn’t fit into existing development workflows. The way we build software is increasingly automated and integrated. CI/CD pipelines have […]

The fundamentals of a formal, effective application security plan should start with business objectives, tools, processes and most of all, data, with the primary driver for securing applications focused on protecting data. While it is important to surgically address the insecurities in a mission-critical application, it is equally important to continuously upskill the development and […]

DEVSECOPS Enough about culture and on to DevSecOps. What kind of culture allows it to thrive? An important aspect is having a better understanding of the motivators of and detractors in each element. I won’t review those here because they are covered well in this article: https://www.stackrox.com/post/2021/02/devops-vs-devsecops-heres-how-they-fit-together/ But I will say that this topic brings to mind […]