Application Security Blog from Code Dx
Network security vs. application security: Why you need both for strong enterprise risk management
It can be challenging to juggle both application and network security and know how many of your resources you should devote to each program. Organizations often take an either/or approach, focusing more attention on either application security or network security. However, both are equally important for a comprehensive enterprise risk management strategy.
Do certain types of developers or teams write more secure code?
At AppSec Cali 2020 Code Dx CEO Dr. Anita D'Amico and AppSec Researcher Chris Horn, discussed their research on "Do certain types of developers or teams write more secure code? Human Factors in AppSec." This research sought to find out what physical elements...
How application security metrics can strengthen your team
As business guru Peter Drucker said, “If you can’t measure it, you can’t improve it.” This quote rings especially true when it comes to application security.
How to manage IoT application security vulnerabilities more efficiently
As the number of IoT applications and devices continues to grow, so does the need for improved IoT security—yet the reality is we have a long way to go. A recent article pointed out that more than 2 million security cameras, doorbells, and even baby monitors contain serious IoT vulnerabilities. The worst part is there is no known patch for the common flaws in these everyday devices.
Common application security challenges & how to overcome them
Application security challenges lie not only in the threats and application vulnerabilities themselves, but also in the processes and approaches taken within the organization to manage application security. A closer look at some of the top application security challenges from both a threat standpoint and a business management view can help you avoid some of the most common pitfalls.
The importance of broken authentication and session management to application security
Managing usernames and passwords has become a cumbersome task in today’s internet-driven world. However, this is a necessary evil due to the rapid growth in data, advancements in mobile and cloud technologies, and the increasing plethora of security breaches seeming to happen every other day. As a result, authentication and session management has become more advanced to protect the data, systems, and networks that our society relies upon.
Vulnerability Management: Is 100% code and vulnerability coverage realistic?
In the world of application security testing, the terms “code coverage” and “vulnerability coverage” are frequently used. But what do they really mean? Essentially, code coverage is the amount of the code that is scanned to identify potential vulnerabilities in a software application. Vulnerability coverage refers to the number of defects or system misconfigurations in the software code that could pose potential threats.
The perfect union: Vulnerability Assessment and Penetration Testing (VAPT)
One hundred percent—all of the applications Positive Technologies tested—had some kind of vulnerability. You might think, “Yeah, but how many of those were real, critical vulnerabilities?” Well, ninety-four percent of web applications tested contained a high-severity software flaw. Eighty-five percent of those same applications contained at least one confirmed, exploitable vulnerability.
Predicted web application vulnerabilities and cybersecurity trends for 2019
Web application attacks are on the rise. A recent study found that they were the primary cause of reported breaches in 2017 and Q1 2018. This marked increase is partly due to the greater variety in web application vulnerabilities, as new attack vectors are found and exploited.
Code Dx Enterprise Now Offers Innovative New Dashboard Providing Complete AppSec Visualization
Code Dx, Inc., today announced that Code Dx Enterprise has won the CyberSecurity Breakthrough Award for the Vulnerability Management Solutions of the Year. CyberSecurity Breakthrough Award recognizes excellence in information security and cybersecurity technology companies, products and people.
Don’t leave security behind in your CI/CD environment
Continuous Integration (CI) and Continuous Delivery (CD), or CI/CD, are part of the Agile approach to software development. The most prominent aspect of Agile development—and it’s most important rule—is that it requires software development to be responsive to change through an iterative process.
The importance of penetration testing and vulnerability assessments for web applications
The 2018 Global Security Report from Trustwave found that all web applications are vulnerable to attack. Yes, you read that right. All applications had at least one vulnerability, and the average number of vulnerabilities found per application was eleven.
Implement a DevSecOps strategy to boost cooperation between development and security teams
DevOps and DevSecOps are terms that application development and security teams have become very familiar with in the past few years, especially as internet-connected users demand constant updates and improvements to applications.
Smartphone cyber attacks are on the rise: Tips to improve mobile application security
Everywhere you look, people are on their smartphones. These devices have become a permanent fixture in our lives. We spend more time on our smartphones than we do on our desktops, making mobile devices a bigger target for cyber attacks. To make matters worse, the vast...
Data, data everywhere: How to effectively manage the deluge of SAST and DAST results
Application security testing is an integral part of the development process. A proper testing methodology utilizes multiple tools (and types of tools) and incorporates application security testing into the design, development, and production phases of the application development lifecycle. But you may find yourself overwhelmed by the inundation of results from all of these testing tools.
Code Dx Enterprise 3.0 Now Offers Static and Dynamic Hybrid Analysis for Application Security Testing
Code Dx, Inc. today announced a significant new capability— Static & Dynamic Hybrid Analysis—to be included in Code Dx Enterprise 3.0. In addition to Hybrid Analysis, Code Dx Enterprise 3.0 supports and integrates with more than 40 commercial and open-source SAST, DAST, and IAST tools and techniques to provide total software application vulnerability correlation and management.
8 ways to save time in application security testing
The cost and time required for comprehensive application security testing often deters businesses from implementing a proper strategy for testing and remediation of vulnerabilities. Of course, that’s asking for trouble. Fortunately, the process can be streamlined, enabling you to conduct application security testing in a more efficient and timely manner.
Application vulnerability testing software – tools that help secure your software
You’ve accepted the importance of application vulnerability testing to ensure the security of your software. That’s good. There are many options available when it comes to application vulnerability testing software, so it can become confusing to know which tools are the right ones to use. Different tools identify different problems when it comes to application vulnerability testing, so you need to consider using more than one.
New year, new security threats: The top 2017 application hacks, and what you need to look out for in 2018
2017 was no stranger to application security threats, with some of the biggest hacks, to date, taking place. In fact, during the third quarter of 2017 there were more than 230 million web application attacks on websites in the U.S. Despite these figures, a 2017 study...
White box, black box, and gray box vulnerability testing: What’s the difference and why does it matter?
2017 saw a record number of security vulnerabilities, with more than 16,000 vulnerabilities reported by the end of Q3. That is more than in all of 2016 combined. While some organizations are addressing these application security risks quickly, others are failing to do...
Gartner identifies the next step in software vulnerability management: Application Vulnerability Correlation (AVC)
You’ve learned that it takes more than one application security tool to secure your code. As you add software vulnerability testing tools to examine your application from every possible angle, the number of results you have to manage grows. It’s great that you can...
Software Vulnerability Management: Why it’s not as easy as “find it and fix it.”
Your company has defined and implemented an application security management program. You have spent time and money purchasing and installing various Automated Software Testing (AST) tools and techniques to run your application through it’s paces. These AST tools generate lists of vulnerabilities. Why is it that you can’t just give these lists to your team and have them fix the items on the list?
Keep Your Third-Party Libraries in Order: Code Dx Integrates Black Duck Hub
You almost can’t build a web application today without making use of third-party open source code. But how do you know that code you imported into your application from GitHub is secure? If the study sponsored by our technology partner and industry leader Contrast...
Code Dx Version 2.6 supports NIST 800-53 Compliance and application security testing for mobile apps through NowSecure
Code Dx, Inc. today announced version 2.6 of its flagship Application Software Vulnerability Correlation and Management solution, Code Dx Enterprise.
Code Dx 2.5 for application security tool integration
Code Dx, Inc., today announced the release of version 2.5 of its software vulnerability correlation and management solutions providing increased flexibility for user customizations.
HIPAA security compliance and software vulnerability management
Software vulnerabilities can cause major problems for developers and developing managers. More than 50% of all software breaches involve web applications; however, less than 10% of organizations…
Code Dx releases Version 2.4 offering Interactive Application Security Testing Support through Contrast Security’s Assess IAST
SAN FRANCISCO, CALIF. and NORTHPORT, N.Y. – February 13, 2017 – (RSA Conference 2017 Meeting Suite WES-19) – Code Dx,...
How to Minimize Your Software’s Attack Surface
To get a handle on your security posture, you must understand the areas in which you are most at risk and design strategies to protect those areas. Your areas of risk are known as your attack surface. The Open Web Application Security Project (OWASP) defines the...
What Developers Don’t Know Can Hurt Your Application
You have carefully carved out the project plan for your next development project. You hired the best talent available to write the code. Every i is dotted, every t is crossed…down to project managers, unit testers, and go-live scenarios. Unfortunately, hackers,...
Here we go again with another Android vulnerability
Many Android devices are susceptible to “Android Installer Hijacking” attacks that have the potential to compromise devices and give illegitimate apps access to sensitive data. This type of attack exploits a vulnerability called “Time-of-Check to Time-of-Use...