Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

A new approach to AppSec

Are you putting your organization at risk with outdated security strategies? Embrace next-gen AppSec to reduce security risks without impeding DevOps. Application development practices continue to evolve, enabling development teams to deliver applications at a pace never before thought possible. At the same time, cyber-criminals have developed new levels of attack strategies and intensified their focus, making it more important than ever to scrutinize applications for security vulnerabilities.

2003 Testimony to Congress Proves That We Still Have a Long Way to Go In Building Secure Software

Back in May 1998, as a member of the hacker think tank, L0pht, I testified under my hacker name, Weld Pond, in front of a U.S. Senate committee investigating government cybersecurity. It was a novel event. Hackers, testifying under their hacker names, telling the U.S. government how the world of cybersecurity really was from those down in the computer underground trenches.

Featured Post

Dev-first SAST: Increase your developer productivity while staying secure

Static application security testing (or SAST) used to be a term coined by the security team, to help developers test their code early in the software development life cycle (SDLC). Unlike dynamic testing, it does not require a working application, which allows developers to identify security vulnerabilities while they code, so they can spot them as soon as they appear and fix them when it's easiest and fastest to do so. This cuts down their future workload by decreasing the backlog of issues they'll have to address later.

ASOC series part 2: How to scale AppSec with application security automation

Learn how ASOC tools make scaling possible through application security automation and orchestration. In part one of our series on application security orchestration and correlation (ASOC), we looked at how this new application security trend improves DevSecOps efficiency. We will now focus on the typical challenges AppSec teams face due to today’s rapid development cycles, and how ASOC tools can solve these challenges with automation and scalability.

Protect sensitive data with the right balance of AppSec tools and services

Using the right AppSec tools and services throughout the software development life cycle can help you properly secure your sensitive data. One of a CISO’s primary responsibilities is protecting their company’s digital assets, and adhering to current and emerging data privacy laws is crucial. Organizations must ensure that their corporate intellectual property and user data (e.g., customer, employee, contractor and/or prospect data) is safe from cyber attacks and data breaches.

Digital Signatures Using Java

This is the ninth entry in blog series on using Java Cryptography securely. We started off by looking at the basics of Java Cryptography Architecture, assembling one crypto primitive after other in posts on Cryptographically Secure Random Number Generator, symmetric & asymmetric encryption/decryption & hashes. In the meantime, we had to catchup with cryptographic update in latest versions of Java. Having looked at some of the most common symmetric cryptography based applications a.k.a.

Web scanners are evolving to secure modern web applications and their APIs

Tom Hudson (TH), Senior Security Researcher at Detectify, joined the Application Security Weekly podcast to talk about the status quo on web scanners and securing modern web applications. We’ve edited the transcript for brevity and taken some highlights from the pod episode below.

ASOC series part 1: How application security orchestration and correlation can improve DevSecOps efficiency

Application security orchestration and correlation tools empower security teams to speed up the AppSec process without sacrificing quality. In its 2019 “Hype Cycle for Application Security” report, Gartner revealed a new, high-priority tool category called application security orchestration and correlation (ASOC). ASOC delivers three primary benefits to the AppSec process within organizations: efficiency, scalability, and accountability.

AppSec Decoded: Key findings from the 2021 OSSRA report

In this episode of AppSec Decoded, we discuss the major open source trends identified within the 2021 OSSRA report. The explosive growth of open source is not new. Developers have been using this collaborative method of building software applications to meet the market demands for quality and speed for many years. Synopsys has conducted research on trends in open source usage with commercial applications since 2015.

How to cyber security: Invisible application security

Invisible application security is the concept of integrating and automating AppSec testing with little interruption to developer workflows. I really love the keyless entry system on my car. The “key” is not a key in the traditional sense; all I have to do is put it in my pocket and forget about it. When I reach for the car door handle, it simply unlocks. When I leave the car, I wave my hand over the handle to lock the car.