Tool Orchestration Enables AppSec To Keep Pace with DevOps
Code Exploits
Network security vs. application security: Why you need both for strong enterprise risk management
It can be challenging to juggle both application and network security and know how many of your resources you should devote to each program. Organizations often take an either/or approach, focusing more attention on either application security or network security. However, both are equally important for a comprehensive enterprise risk management strategy.
Do certain types of developers or teams write more secure code?
At AppSec Cali 2020 Code Dx CEO Dr. Anita D'Amico and AppSec Researcher Chris Horn, discussed their research on "Do certain types of developers or teams write more secure code? Human Factors in AppSec." This research sought to find out what physical elements...
How application security metrics can strengthen your team
As business guru Peter Drucker said, “If you can’t measure it, you can’t improve it.” This quote rings especially true when it comes to application security.
How to manage IoT application security vulnerabilities more efficiently
As the number of IoT applications and devices continues to grow, so does the need for improved IoT security—yet the reality is we have a long way to go. A recent article pointed out that more than 2 million security cameras, doorbells, and even baby monitors contain serious IoT vulnerabilities. The worst part is there is no known patch for the common flaws in these everyday devices.
Common application security challenges & how to overcome them
Application security challenges lie not only in the threats and application vulnerabilities themselves, but also in the processes and approaches taken within the organization to manage application security. A closer look at some of the top application security challenges from both a threat standpoint and a business management view can help you avoid some of the most common pitfalls.
The importance of broken authentication and session management to application security
Managing usernames and passwords has become a cumbersome task in today’s internet-driven world. However, this is a necessary evil due to the rapid growth in data, advancements in mobile and cloud technologies, and the increasing plethora of security breaches seeming to happen every other day. As a result, authentication and session management has become more advanced to protect the data, systems, and networks that our society relies upon.
Vulnerability Management: Is 100% code and vulnerability coverage realistic?
In the world of application security testing, the terms “code coverage” and “vulnerability coverage” are frequently used. But what do they really mean? Essentially, code coverage is the amount of the code that is scanned to identify potential vulnerabilities in a software application. Vulnerability coverage refers to the number of defects or system misconfigurations in the software code that could pose potential threats.
The perfect union: Vulnerability Assessment and Penetration Testing (VAPT)
One hundred percent—all of the applications Positive Technologies tested—had some kind of vulnerability. You might think, “Yeah, but how many of those were real, critical vulnerabilities?” Well, ninety-four percent of web applications tested contained a high-severity software flaw. Eighty-five percent of those same applications contained at least one confirmed, exploitable vulnerability.
Predicted web application vulnerabilities and cybersecurity trends for 2019
Web application attacks are on the rise. A recent study found that they were the primary cause of reported breaches in 2017 and Q1 2018. This marked increase is partly due to the greater variety in web application vulnerabilities, as new attack vectors are found and exploited.