Code Dx Application Security Blog
As business guru Peter Drucker said, “If you can’t measure it, you can’t improve it.” This quote rings especially true when it comes to application security.
Attacks on applications aren’t going away. In fact, there was a 40 percent increase in attacks from August to September of this year. Enterprises must remain diligent, learning about the latest application security trends and developments.
Code Dx Inc. has bested rival startups to win a $2 million “Shark Tank” style venture capital contest. Maryland-based venture capital firm DataTribe said it received hundreds of submissions from companies pitching their business plans in its second annual global competition.
DataTribe recently closed submissions to its second annual DataTribe Challenge, a global competition to identify and develop high-technology startups with a vision to disrupt cybersecurity and data science. In a new Q&A blog series, we spoke with Dr. Anita D’Amico, Chief Executive Officer of Code Dx.
There are many components required to create and carry out an effective cyber security strategy. Enterprises need to use the right tools, possess the right knowledge, plan appropriately, and have well-qualified staff on hand to execute.
One of the biggest challenges facing CISOs today is how to build a secure application strategy. It’s no simple feat to build an application security strategy that is both comprehensive and effective. But it’s essential, as a breach can be quite costly to the organization.
Every Chief Information Security Officer (CISO) knows how important risk management is for the health and safety of the business. Enterprise applications and software systems are under a permanent state of threat, making application security and cyber risk management...
Code Dx has been named in Gartner’s 2019 Application Security Hype Cycle Report in a key emerging market area: Application Security Orchestration and Correlation (ASOC). Yearly, Gartner produces a report that details the current state of the Application Security Marketplace, including emerging and fading market area trends.
As the number of IoT applications and devices continues to grow, so does the need for improved IoT security—yet the reality is we have a long way to go. A recent article pointed out that more than 2 million security cameras, doorbells, and even baby monitors contain serious IoT vulnerabilities. The worst part is there is no known patch for the common flaws in these everyday devices.
Application security challenges lie not only in the threats and application vulnerabilities themselves, but also in the processes and approaches taken within the organization to manage application security. A closer look at some of the top application security challenges from both a threat standpoint and a business management view can help you avoid some of the most common pitfalls.
Read the interview with Dr. D’Amico to learn more about how Code Dx works.
In the world of application security testing, the terms “code coverage” and “vulnerability coverage” are frequently used. But what do they really mean? Essentially, code coverage is the amount of the code that is scanned to identify potential vulnerabilities in a software application. Vulnerability coverage refers to the number of defects or system misconfigurations in the software code that could pose potential threats.
At RSA 2019, Deb Radcliff talked with Anita D'Amico, CEO of Code Dx, an application testing company that is one of the DHS-funded startups at RSA. "DHS S&T wants people to adopt good cybersecurity practices, so they're trying to get innovative cybersecurity...
Code Dx CEO Dr. Anita D'Amico, PhD, was featured in an article and interviewed by Cybercrime Magazine. You can read the article by Steven T. Kroll at CyberSecurity Ventures. You can watch the the interview with Dr. D'Amico below.
An article by Ken Prole, CTO of Code Dx, was published in the Security Today magazine’s April 2019 edition.
If your company handles payment transactions of any type, then you’re familiar with the Payment Card Industry Data Security Standard (PCI DSS)—a group of security standards designed to create and maintain a secure environment for any company that accepts, processes, stores, or transmits credit card information. Because we provide tools for application security, we will focus primarily on how this regulation affects companies building applications.
Manually reviewing findings from code quality and security testing tools is plenty of work on its own, without dealing with unnecessary duplicates. As code moves around with edits, many static analysis tools report findings associated with that code as new, even...
One hundred percent—all of the applications Positive Technologies tested—had some kind of vulnerability. You might think, “Yeah, but how many of those were real, critical vulnerabilities?” Well, ninety-four percent of web applications tested contained a high-severity software flaw. Eighty-five percent of those same applications contained at least one confirmed, exploitable vulnerability.
A recent Newsday article by Ken Schachter titled “Progress slow in adding women in the boardrooms” includes Code Dx CEO, Dr. Anita D’Amico.
Web application attacks are on the rise. A recent study found that they were the primary cause of reported breaches in 2017 and Q1 2018. This marked increase is partly due to the greater variety in web application vulnerabilities, as new attack vectors are found and exploited.
Code Dx, Inc., today announced that Code Dx Enterprise has won the CyberSecurity Breakthrough Award for the Vulnerability Management Solutions of the Year. CyberSecurity Breakthrough Award recognizes excellence in information security and cybersecurity technology companies, products and people.
Continuous Integration (CI) and Continuous Delivery (CD), or CI/CD, are part of the Agile approach to software development. The most prominent aspect of Agile development—and it’s most important rule—is that it requires software development to be responsive to change through an iterative process.
Dr. Anita D’Amico and Chris Horn gave a well-received presentation at AppSec USA about: Human factors that influence secure software development. Their presentation was quoted as: “…one of the best talks I’ve seen in the last several years.”
The 2018 Global Security Report from Trustwave found that all web applications are vulnerable to attack. Yes, you read that right. All applications had at least one vulnerability, and the average number of vulnerabilities found per application was eleven.
DevOps and DevSecOps are terms that application development and security teams have become very familiar with in the past few years, especially as internet-connected users demand constant updates and improvements to applications.