All PostsTag : Application Security
AppSec Metrics That Matter
Jul 11, 2017 By Sarah Vonnegut |
Metrics matter. Metrics are important because they tell you, stakeholders and budget planners how well you’re meeting your set goals. Metrics ensure that your program has visibility and is the only way to effectively communicate the value of your application security program. If you simply go through the AppSec motions of scanning and fixing, you have no insight into how effective your application security program is or if you’re hitting either your security goals or business goals.
</Read More>
</Read More>
How to Raise Cybersecurity Awareness at all Levels of Your Organization
Jun 15, 2017 By Sarah Vonnegut | We’ve said it once and we’ll say it again: an organization is only as secure as its weakest link. Most, if not all, of your employees are online and on their mobile devices in your workplace, whether you have a BYOD policy in place or not. Developers release software with millions of lines of code, your management discuss and share privileged information, and the rest of the organization opens emails regardless of whether they know the sender or not.
</Read More>
</Read More>
5 Steps to Stand Out with your AppSec Routine
Jun 01, 2017 By Sarah Vonnegut | In most organizations, Application Security is sadly behind in adoption, especially when compared to Network Security. And yet, with 84% of attacks aimed at the application layer, we need to turn our focus more towards AppSec. As we use and deploy more and more apps, the interdependencies between them complicate internal infrastructures, leading to more opportunities for misconfigurations and holes that could be used by attackers.
</Read More>
</Read More>
A Closer Look: OWASP Top 10 Application Security Risks
May 22, 2017 By Arden Rubens | Open Web Application Security Project (OWASP) is an organization filled with security experts from around the world who provide information about applications and the risks posed, in the most direct, neutral, and practical way. Since 2003, the OWASP Top 10 releases a list every four years consisting of the top biggest Application Security Risks.
</Read More>
</Read More>
INFOGRAPHIC: OWASP Top 10 Application Security Risks
May 19, 2017 By Arden Rubens | The OWASP Top 10 Application Security Risks 2017 has just been released for public comment. The list takes a good look at the most critical application security risks facing organizations and developers today, with the big goal of raising awareness, upping the knowledge, and helping security teams and developers release secure applications.
</Read More>
</Read More>
March 2017: Top Hacks and Breaches [INFOGRAPHIC]
Apr 04, 2017 By Arden Rubens | The month of March in hacks and breaches began strong with discovery of a database containing 1.4B records left exposed by one of the biggest senders of spam. A few days after, WikiLeaks released details on secret CIA hacking tools used to break into computers, mobile devices, and smart TVs.
On the 13th of March, Statistic Canada was breached as hackers exploit a new software bug. Hackers managed to break into the national statistics’ bureau by exploiting a security bug in Apache Struts 2, a software most commonly used in governmental, financial, and retailer websites.
</Read More>
</Read More>
Top Women in Cybersecurity You Should be Following on Twitter
Mar 07, 2017 By Arden Rubens | Since the begining of information security, the representation of women in cybersecurity has been (and still is) small. So small that women make up only 11% of the information security workforce. But with such a tiny representation in the industry comes a big opportunity.
There is 1 million open jobs in #cybersecurity right now, and not enough women to join the field – @devsecops #RSAC
— RSA Conference (@RSAConference) February 14, 2017 For the cybersecurity world, Twitter is a continuous stream of content with various influencers tweeting the latest insights on a daily basis. And some of the most influential and trailblazing women in the industry have been using the platform to keep you in the know.
</Read More>
— RSA Conference (@RSAConference) February 14, 2017 For the cybersecurity world, Twitter is a continuous stream of content with various influencers tweeting the latest insights on a daily basis. And some of the most influential and trailblazing women in the industry have been using the platform to keep you in the know.
</Read More>
February 2017: Top Hacks and Breaches [INFOGRAPHIC]
Mar 05, 2017 By Arden Rubens |
February may be the shortest month, but there definitely was no shortage in hacks and breaches. The month started with a an anonymous hacker single-handedly taking down an entire dark web hosting service with more than 10K Tor-based .onion sites. Then, on February 10th, a security flaw found in WordPress allowed hackers to attack and deface an estimated 1.5M pages. Later on in February, hackers (masked as “Pro_Mast3r”) defaced one of the Trump Administration’s official fundraising websites in a subdomain takeover. On February 28th, data from connected CloudPets teddy bears was leaked after the database was found unsecured. Over 800K users were found in the database, which also contained recorded kids’ voice messages.
</Read More>
February may be the shortest month, but there definitely was no shortage in hacks and breaches. The month started with a an anonymous hacker single-handedly taking down an entire dark web hosting service with more than 10K Tor-based .onion sites. Then, on February 10th, a security flaw found in WordPress allowed hackers to attack and deface an estimated 1.5M pages. Later on in February, hackers (masked as “Pro_Mast3r”) defaced one of the Trump Administration’s official fundraising websites in a subdomain takeover. On February 28th, data from connected CloudPets teddy bears was leaked after the database was found unsecured. Over 800K users were found in the database, which also contained recorded kids’ voice messages.
</Read More>
Key Takeaways from Ponemon’s 2017 Study on Mobile and Internet of Things Application Security
Mar 01, 2017 By Arden Rubens | Today, organizations are developing and releasing mobile and Internet of Things (IoT) devices and apps at a rapid speed. According to recent research, it is estimated that around 50B IoT devices will be connected to the Internet by 2020 while 2017 started with a record 2.2M downloadable apps in the App Store.
Every year, Ponemon Institute releases a study on Mobile and Internet of Things Application Security focusing on understanding how organizations are lowering the risks in mobile and IoT apps in the workplace. Based on this study, while the worry and understanding of mobile and IoT application security threats is increasing. There is a severe lack of urgency in addressing issues and proper application security testing is occurring during later stages in an app’s SDLC.
Continue reading for a full list of key takeaways from Ponemon’s 2017 Study on Mobile and Internet of Things Application Security.
</Read More>
</Read More>
Stay Connected
Sign up today & never miss an update from the Checkmarx blog
