Human Factors talk given at AppSec Amsterdam 2019

Sep 27, 2019 | AppSec Classroom

Why do some developers produce secure code, but others do not? What potentially configurable elements impact code quality and security? Software is written by people, and their actions and decisions ultimately affect the security of the code they produce. This...

Vulnerability Management: Is 100% code and vulnerability coverage realistic?

May 22, 2019 | AppSec Classroom, Software Vulnerabilities

In the world of application security testing, the terms “code coverage” and “vulnerability coverage” are frequently used. But what do they really mean? Essentially, code coverage is the amount of the code that is scanned to identify potential vulnerabilities in a software application. Vulnerability coverage refers to the number of defects or system misconfigurations in the software code that could pose potential threats.

Each SAST tool only discovers about 14% of the vulnerabilities in your code

Apr 11, 2019 | AppSec Classroom, Tool Studies

An essential element of the application development process is scanning the software to find potential vulnerabilities. Static Application Security Testing tools are notorious for returning lots of results (often thousands, even for relatively small applications), which can overwhelm a developer. But no matter how they feel about the results, software developers must understand that by running only one application security testing tool—even the best on the market—they are missing most of the weaknesses in their code.

Hybrid Application Security Testing (HAST)

Apr 2, 2019 | AppSec Classroom

Both Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) share a common goal—finding security vulnerabilities in an application. Both are an important part of a comprehensive application security process, but the perspectives and...

AST Glossary

Aug 19, 2015 | AppSec Classroom

Active Scan – is when a vulnerability scanner actively sends requests to a running application with the intent of exposing and identifying vulnerabilities. Application Security Testing (AST) – the process of identifying holes in an application’s source code throughout...

Penetration Testing – Putting on the Hacker Hat

Mar 27, 2015 | AppSec Classroom

Known by most in the industry as pentesting, penetration testing is the process of proactively running ethical attacks on an application in an effort to identify security weaknesses and to validate defense mechanisms.  These weaknesses may lead to access of an...