Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Why Manually Tracking Open Source Components Is Futile

Open source is everywhere. Everyone is using it. Open source code is found in almost every proprietary software offering on the market and is estimated to make up on average 60%-80% of all software codebases in 2020. Why the proliferation? Open source libraries help developers write code faster to meet the increasingly shorter release cycles under DevOps pipelines. Instead of writing new code, developers leverage existing open source libraries to quickly gain needed functionality.

Black Box Testing: What You Need to Know

Today’s software development life cycle includes a variety of quality and security testing techniques at every stage. Frequent testing throughout the DevOps pipeline is imperative considering the ever-increasing pace of development. One of the most common testing methods that companies use to ensure the products they are pushing out are secure and high-quality is black box testing.

Top 7 Questions to Ask When Evaluating a Software Composition Analysis Solution

Your open source usage is out of control. Sure, it’s helping you develop your product faster and getting new releases out the door in days instead of months, but now your code base is made up of 60% or more open source components. And that percentage is only growing. The application layer continues to be the most attacked, so you know you need to stay on top of vulnerabilities.

Top 9 Code Review Tools for Clean and Secure Source Code

Shifting left quality and security testing has finally become a practice that organizations are embracing. But even before testing the code comes code review, beginning at the earliest stages of development. Code review is essential for detecting and remediating code defects and errors before production, when they are relatively easy and less expensive to address.

Why Patch Management Is Important and How to Get It Right

Many software developers tend to see patch management as another tedious security task that gets in the way of the development process. However, considering Forresters’s recent State of Application Security Report for 2020 predicted that application vulnerabilities will continue to be the most common external attack method, patch management is a critical part of the vulnerability management process that organizations can’t afford to neglect.

Application Security Testing: Security Scanning Vs. Runtime Protection

The application layer continues to be the most attacked and hardest to defend in the enterprise software stack. With the proliferation of tools aimed at preventing an attack, it’s no wonder the application security testing market is valued at US 4.48 billion. Forrester’s market taxonomy breaks up the application security testing tools market into two main categories: security scanning tools and runtime protection tools.

Our Favorite Web Vulnerability Scanners

Web vulnerability scanners crawl through the pages of web applications to detect security vulnerabilities, malware, and logical flaws. They do this by generating malicious inputs and evaluating an application’s responses. Often referred to as dynamic application security testing (DAST), web vulnerability scanners are a type of black-box testing; they perform functional testing only and don't scan an application’s source code.

License Compatibility: Combining Open Source Licenses

Free and open source software (FOSS) components have become the basic building blocks of our software products, helping today’s developers build and ship innovative products faster than ever before. Many developers tend to forget that while open source licenses are free, they still come with a set of terms and conditions that users must abide by.

Why You Need an Open Source Vulnerability Scanner

No one wants to be the next Equifax. Just thinking about their company’s name being in a headline along with the words “security breach” is enough to keep CISOs up at night. Much like Fight Club, however, the first rule of data breaches is: You do not talk about security breaches...unless you’re mandated by notification laws like GDPR. Even though organizations don’t reveal much publicly, their concern is reflected in the amount of money spent to prevent cyber attacks.

Dynamic Application Security Testing: DAST Basics

Application security testing (AST), which are tools that automate the testing, analyzing, and reporting of security vulnerabilities, is an indispensable part of software development. In a modern DevOps framework where security is shifted left, AST should be thought of as compulsory. And this has never been more important when you consider that Forrester reports the most common external attack method continues to be application weaknesses and software vulnerabilities.