Application Security TestingASTIASTOWASPSASTstatic code analysis SAST vs IAST – Which AppSec Solution Is Right For You? Aug 13, 2015 by Sharon Solomon With cybercrime escalating worldwide, application security has become a big challenge for organizations and governments. Penetration (Pen) Testing and Dynamic Application Security Testing (DAST) are capable solutions, but have their fair share of inherited deficiencies. Interactive Application Security Testing (IAST), an upcoming security methodology, is being increasingly compared with Static Application Security Testing (SAST). This Read More › Application Security TestingASTIASTOWASPSASTstatic code analysis
Penetration TestingSASTSDLCsSDLCstatic code analysis Static Analysis vs Pen Testing – Which One Is Right For You? Jul 28, 2015 by Sharon Solomon Penetration (Pen) Testing has long been the go-to tool for organizations looking to safeguard their applications. But the ever-evolving hacking techniques are exposing this aging solution’s shortcomings. The growing consensus in security circles is that applications need to be bolstered from the core – the source code. This is exactly where Static Analysis enters the picture, helping detect application Read More › Penetration TestingSASTSDLCsSDLCstatic code analysis
Developer EducationDevSecOpsSecure Codingsecurity awareness 5 Steps That WILL Raise Your Developers Information Security Awareness Jul 17, 2015 by Sarah Vonnegut In the same post where Bruce Schneier famously said that he personally believes “that training users in security is generally a waste of time, and that the money can be better spent elsewhere,” he added an important caveat about training developers. Developers, he wrote, “are people who can be taught expertise in a fast-changing environment, and Read More › Developer EducationDevSecOpsSecure Codingsecurity awareness
Application SecuritySecure Coding 9 Secure Coding Practices You Can’t Ignore Jul 1, 2015 by Sarah Vonnegut Writing secure code is no longer an option. With financially motivated crime at the top of the web app attack food chain, according to the latest Verizon Data Breach Investigation report, your organization will be hard-pressed to come out on top if you suffer a breach. In order to ensure our organizations and customers are secure, Read More › Application SecuritySecure Coding
AgileDevOpsSASTstatic code analysisWhite Box Testing 8 Problems Every Application Security Program Leader Has To Tackle Jun 17, 2015 by Sharon Solomon Despite the astounding rise in cybercrime and hacking incidents worldwide, the modern Application Security Program Leader faces numerous bumps and obstacles on a daily basis within his organization. Application security has come a long way in the last decade, but the inherited limitations of the traditional solutions are not making life easy. Read More › AgileDevOpsSASTstatic code analysisWhite Box Testing
Security and DevOps: How To Get Started Jun 11, 2015 by Sarah Vonnegut The Rise of DevOps The methods we use to develop software have gone through radical transformations over the last five years. ‘Slow and steady’ has evolved into quick and agile methodologies like DevOps. Based on disrupting the silos between Developers and Operations, DevOps embraces the idea of a shared culture of trust, collaboration Read More ›
SASTSDLCsSDLCWAFWeb Application Firewall SAST vs WAF – 5 Reasons To Opt For SAST Jun 3, 2015 by Sharon Solomon With the industrialization of cybercrime and rise in hacking severity, the value of traditional application security techniques is imploding. The Web Application Firewall (WAF), considered as a go-to security solution until not long ago, is currently experiencing a constant erosion in its effectiveness. On the other hand, Static Application Security Testing (SAST) solutions are gaining momentum. Read More › SASTSDLCsSDLCWAFWeb Application Firewall
Application SecurityAppSec ProgramSASTsSDLC The Ten Commandments of Proactive Application Security May 29, 2015 by Sarah Vonnegut When you’re constantly reacting to suspicious alerts and fixing vulnerabilities only after they’ve been exploited, you’re missing the point of application security. Application security, according to Wikipedia, “encompasses the measures taken throughout the code’s life-cycle to prevent gaps in the security policy of an application or the underlying vulnerabilities… of the application.” The practice Read More › Application SecurityAppSec ProgramSASTsSDLC
Application SecurityCISOSDLCsecurity metrics Application Security Metrics: Where (And Why) To Begin? May 15, 2015 by Sarah Vonnegut A wise man once said, “to measure is to know…if you cannot measure it, you cannot improve it.” When it comes to application security, measurements are crucial to the success of your program. But determining how to best combine your measurements into metrics which show your programs value is much more important. As a CISO Read More › Application SecurityCISOSDLCsecurity metrics
AppSec ProgramCISODeveloper EducationThreat Modeling 6 Tips for Ensuring Your Application Security Program Isn’t a Flop May 8, 2015 by Sarah Vonnegut Baking security in to our applications is just not an option anymore. The explosion of the number of applications within organizations, coupled with the constant breaches we hear about (and the many more we don’t) don’t allow room for complacency when it comes to securing your organization and customer data. Yet CISOs and security managers Read More › AppSec ProgramCISODeveloper EducationThreat Modeling