agile developmentApplication Security TestingDeveloper EducationDevOpsDevOps cultureDevSecOpsGartner Magic Quadrantsecurity Shifting to DevSecOps, with Software Security Testing Built In Jan 15, 2019 by Matthew Rose Many organizations today are in the process of transitioning to a DevOps-centric approach, but don’t want to leave security behind. In order to build security in from the beginning of their software development process, it’s essential to enhance your security posture by integrating application security testing solutions into the software development life cycle at your Read More › agile developmentApplication Security TestingDeveloper EducationDevOpsDevOps cultureDevSecOpsGartner Magic Quadrantsecurity
API Securityartificial intelligencebreachesCloud AdoptionDevSecOpsHackingIASTInteractive Application Security TestingInternet Of ThingsIoTMachine learningmicroservicesOpen Source Analysisvulnerable IoT objects Software Security Predictions: What to Watch for in 2019 Jan 3, 2019 by Matthew Rose Security breaches regularly made headlines in 2018, while advancements in DevOps, application security testing tools, artificial intelligence, machine learning, cloud adoption, and the Internet of Things raced forward. 2019 promises to be another busy year in technology and digital transformation, but what will that look like for software security? Here are our software security predictions Read More › API Securityartificial intelligencebreachesCloud AdoptionDevSecOpsHackingIASTInteractive Application Security TestingInternet Of ThingsIoTMachine learningmicroservicesOpen Source Analysisvulnerable IoT objects
AndroidAndroid WebViewHTTPSSecure Codingsecure coding practicesSSL/TLSWebView Android WebView: Are Secure Coding Practices Being Followed? Dec 20, 2018 by João Morais WebViews are very common on the Android applications. There are clear WebView security best practices, but are they being implemented? With our previous blog post in mind, Android WebView: Secure Coding Practices, we wanted to understand how security best practices in WebViews are being implemented in the wild. Are the apps with WebViews, currently available on Read More › AndroidAndroid WebViewHTTPSSecure Codingsecure coding practicesSSL/TLSWebView
AppSec Specialistsbusiness leadersChief Information OfficerChief Information Security OfficerCIOCISOCloud Operationscompliancedata usersDevelopersGDPRIT SecuritylegalPIPEDASDLCSecurity Championssecurity teamsoftware development life 9 Key Players for a Winning Security Team Dec 18, 2018 by Kurt Risley Basketball legend Michael Jordan once said, “Talent wins games, but teamwork and intelligence win championships.” When it comes to something as important as your company’s security, you can’t afford to rely on anything less than a championship security team. What does a championship security team mean for your organization? You may have hired the best Read More › AppSec Specialistsbusiness leadersChief Information OfficerChief Information Security OfficerCIOCISOCloud Operationscompliancedata usersDevelopersGDPRIT SecuritylegalPIPEDASDLCSecurity Championssecurity teamsoftware development life
air gapair gappingair-gapped systemsdata exfiltrationnear field communicationNFCNFC radioNFC rangeNFCdrip NFCdrip: Data Exfiltration Research in Near Field Communication Dec 14, 2018 by Pedro Umbelino Near-field communication (NFC) is a set of protocols that enables two electronic devices to establish communication by bringing them very close together. Usually the devices must be within less than 4cm. Contactless payment systems use NFC devices, including smartphones, and are similar to those used in credit cards and electronic ticket smartcards. Social networking and Read More › air gapair gappingair-gapped systemsdata exfiltrationnear field communicationNFCNFC radioNFC rangeNFCdrip
AndroidAndroid InApp BillingAPIapplication program interfaceFruit NinjaGoogleInApp billingJSONpurchase verification Get Freebies by Abusing the Android InApp Billing API Dec 11, 2018 by Guillaume Lopes Security researchers started talking about vulnerabilities in the Android InApp Billing API years ago, but we found it worthwhile to take another look to see how it has improved (or not) and verify the best way to build security into the application. The Android InApp Billing API is a powerful part of the Android framework that allows Read More › AndroidAndroid InApp BillingAPIapplication program interfaceFruit NinjaGoogleInApp billingJSONpurchase verification
Don’t Get Phished – 7 Tips to Avoid This Common Cyber Attack Dec 6, 2018 by Guy Cohen Phishing is the most common type of cyber-attack that impacts organizations both large and small. These attacks may take many forms, but they all share a common goal – getting you to share sensitive information such as login credentials, credit card information, or bank account details. Unfortunately, some of the more common ways we might Read More ›
Application Securityartificial intelligencecloudDevOpsDevSecOpsIoTmicroservicesmobilesoftware exposuresoftware security AppSec Is Dead, but Software Security Is Alive & Well Dec 4, 2018 by Matthew Rose Everyone agrees that an enterprise’s application ecosystem must be protected, especially when data breaches are reported with alarming frequency and the average total cost of a breach comes in at $3.62 million. However, defeating increasingly severe threats requires a holistic approach to security, one that places an emphasis on managing not only application vulnerabilities but all Read More › Application Securityartificial intelligencecloudDevOpsDevSecOpsIoTmicroservicesmobilesoftware exposuresoftware security
AndroidBLEAHdata exfiltrationInternet Of ThingsIoTmobile applicationSmart BulbsSniffingUbertoothWiresharkZengge Smart Bulb Offers Light, Color, Music, and… Data Exfiltration? Nov 21, 2018 by David Sopas Smart bulbs are widely known as a successful offering in home automation and IoT products, as they are internet-capable light bulbs that allow home users to customize the colors, schedule on and off times, and control them remotely. Some even play music and could improve your sleep. Any device that can wireless connect with phone Read More › AndroidBLEAHdata exfiltrationInternet Of ThingsIoTmobile applicationSmart BulbsSniffingUbertoothWiresharkZengge
AndroidCSRFCSSDenial of Serviceexposed databaseGarminGo 520GPS devicenavigation appsremediationsecurity researchsoftware exposureTomTomunencrypted HTTTPvulnerabilities Navigation Apps: Leading the Way? Or Following You? Nov 15, 2018 by David Sopas In the United States alone, 84% of adults are using navigation applications, according to a recent Gallup poll. Whether they’re downloading it in an app store or the navigation capability is already built into the car, these navigation tools are taking us to the grocery store, to our grandparents’ house, to job interviews, and everywhere Read More › AndroidCSRFCSSDenial of Serviceexposed databaseGarminGo 520GPS devicenavigation appsremediationsecurity researchsoftware exposureTomTomunencrypted HTTTPvulnerabilities