AppSec Tips
& Best Practices

Learn from AppSec success stories and discover tips and best
practices for Developers, CISOs and Security Managers to help
in securing every part of the SDLC.

Buffer Overflow

Buffer Overflow: The Mother of All Vulnerabilities

The Buffer Overflow vulnerability has been around for almost 3 decades and it’s still going strong. Hackers all around the world continue to name it as their default tactic due to the huge number of susceptible web applications. But what steps are organizations (devs) taking to combat this vulnerability? What role does secure coding play in eliminating this threat? This article

Read More »

Cloud Application Security

All You Wanted To Know About Cloud Security

The IT world is advancing at an astonishing pace. Just a few years ago data was stored physically on databases and software was managed manually. But today more and more organizations are gravitating towards cloud based solutions for their computing needs. While being extremely convenient, cheap and hassle-free, insecure programming can lead to a plethora of vulnerabilities and

Read More »

Web Application Firewalls

Web Application Firewalls (WAFs): Ethical Hacker Exposes His Secrets

In an age where cybercrime is escalating exponentially, picking the right security solution has become extremely crucial. Web Application Firewalls (WAFs) are highly regarded by many leading InfoSec experts, but Pakistani ethical hacker and AppSec expert Rafay Baloch thinks otherwise. To make matters more interesting, he also has the required expertise and POCs to back up

Read More »

DevSecOps: 4 Best Practices the Pros Teach Us About Security and DevOps

Developers and engineers all around the world are deploying code hundreds of thousands of times a day. Hundreds of millions of lines of code are churned out on a monthly basis, and it’s only going to get faster. Yet the security industry continues to kick our feet about DevOps.   But security teams can’t afford

Read More »

Secure iOS App Development

40 Tips You Must Know About Secure iOS App Development

The iPhone is arguably the most desired smartphone on the planet today, thanks to its shiny metallic hardware and user-friendly iOS 9 mobile platform. Despite Google leading the numbers-game with its open-source Android mobile platform, iOS is often considered to be the safer of the two due to Apple’s stricter security policy and its willingness to sacrifice customizability for

Read More »

Application Security Testing: 7 Steps to a Recipe for Success

Security tools are becoming more and more popular throughout the world of tech, and for security enthusiasts, and it should be something to celebrate about. But, in reality, we still have a long way to go when it comes to the actual use of the tools. We’ve known for years about the major gap between

Read More »

Android Development

Top 5 Secure Android Development Tips

Over 50% of US smartphone users are now actively using Android devices and the security aspect of Google’s mobile platform is under constant scrutiny. With new vulnerabilities and hacking POCs making the news on almost a daily basis, safety concerns are rising. So what lies ahead for this customizable and user-friendly, albeit vulnerable, mobile operating system? How can

Read More »

SAST vs IAST – Which AppSec Solution Is Right For You?

With cybercrime escalating worldwide, application security has become a big challenge for organizations and governments. Penetration (Pen) Testing and Dynamic Application Security Testing (DAST) are capable solutions, but have their fair share of inherited deficiencies. Interactive Application Security Testing (IAST), an upcoming security methodology, is being increasingly compared with Static Application Security Testing (SAST). This

Read More »

Static Analysis vs Pen Testing – Which One Is Right For You?

Penetration (Pen) Testing has long been the go-to tool for organizations looking to safeguard their applications. But the ever-evolving hacking techniques are exposing this aging solution’s shortcomings. The growing consensus in security circles is that applications need to be bolstered from the core – the source code. This is exactly where Static Analysis enters the picture, helping detect application

Read More »

Jump to Category