The importance of broken authentication and session management to application security

Managing usernames and passwords has become a cumbersome task in today’s internet-driven world. However, this is a necessary evil due to the rapid growth in data, advancements in mobile and cloud technologies, and the increasing plethora of security breaches seeming to happen every other day. As a result, authentication and session management has become more advanced to protect the data, systems, and networks that our society relies upon.

Each SAST tool only discovers about 14% of the vulnerabilities in your code

An essential element of the application development process is scanning the software to find potential vulnerabilities. Static Application Security Testing tools are notorious for returning lots of results (often thousands, even for relatively small applications), which can overwhelm a developer. But no matter how they feel about the results, software developers must understand that by running only one application security testing tool—even the best on the market—they are missing most of the weaknesses in their code.

Hybrid Application Security Testing (HAST)

Both Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) share a common goal—finding security vulnerabilities in an application. Both are an important part of a comprehensive application security process, but the perspectives and...

Code Dx will be at the AppSec Conference in California

Vincent Hopson, Field Applications Engineer at Code Dx, will discuss how web application penetration testers can improve the efficiency and comprehensiveness of their white box testing using two new open source OWASP tools; Code Pulse and Attack Surface Detector.