Agile Software Developmentdata breachIASTSASTsecure coding practicessoftware exposure Vulnerable Software – The Gift that Keeps on Giving Jun 13, 2019 by Stephen Gates Concerning the latest data breaches on record, this past May was rather noteworthy. A host of organizations from around the world announced in fact, that they had experienced a data breach. From online retailers, travel booking sites, and high-tech startups, to social sharing sites, healthcare billing firms, and even title insurance companies, the long list Read More › Agile Software Developmentdata breachIASTSASTsecure coding practicessoftware exposure
CI/CDDASTDevOpsDevSecOpsIASTSAST What the heck is IAST? May 21, 2019 by Dana Raveh The application security testing (AST) world is made up of different solutions, all with one ultimate goal – to protect software from hackers, and their attacks. SAST and DAST are perhaps the two most common and well-known solutions. In the last few years, a newcomer has gradually received more-and-more attention – IAST. So what is Read More › CI/CDDASTDevOpsDevSecOpsIASTSAST
continuous integrationDevOpsDevSecOpsIASTSAST SAST & IAST – The Power Couple in the DevSecOps Era May 8, 2019 by Dana Raveh DevSecOps has become one of the hottest buzzwords in the DevOps and security ecosystem over the past couple of years. But what is it, and how do you turn it into reality? DevSecOps executes on the belief that security and development teams are jointly responsible for bolstering security – essentially bringing development and operations Read More › continuous integrationDevOpsDevSecOpsIASTSAST
Application SecuritySASTSecure CodingSource Code Analysisstatic code analysis Introducing the Checkmarx Certified Engineer Program (CxCE) Aug 1, 2018 by Liora R. Herman If you were to take a look at the current job market for developers, application security engineers, solution architects, penetration testers, or systems engineers, it’s clear that application security testing skill sets are in high demand. You’ll also notice that Checkmarx has become synonymous with application security testing. Gartner further validated this by naming Checkmarx Read More › Application SecuritySASTSecure CodingSource Code Analysisstatic code analysis
Application SecurityApplication Security VulnerabilitiesSASTSDLCStatic Application Security Testing Why SAST is Essential for a Security Vulnerability Assessment May 5, 2016 by Sarah Vonnegut Let’s start with this: the idea of a security vulnerability assessment is certainly not “breaking news”. For centuries, organizations have proactively scanned their physical security in search of real or potential weaknesses, and for decades they’ve shifted their skeptical gaze to IT systems and devices. And while it’s true that some organizations are better Read More › Application SecurityApplication Security VulnerabilitiesSASTSDLCStatic Application Security Testing
Application SecurityBlack Box TestingSASTSource Code AnalysisVulnerabilityWhite Box Testing White Box vs. Black Box Testing Tools: How Would You Treat Your Symptoms? Mar 28, 2016 by Amit Ashbel When I feel ill, I take a trip to my doctor. At first, the doctor will run some tests to see if there is anything visible that can help indicate what treatment should be given. (Disclaimer: the writer of this post is in no way or manner a medical doctor). The Black Box approach The Read More › Application SecurityBlack Box TestingSASTSource Code AnalysisVulnerabilityWhite Box Testing
Automated TestingSASTSDLCSecure SDLCSecurity Testing Security Testing in the SDLC: A Beginner’s Guide Feb 26, 2016 by Sarah Vonnegut As requirements for faster release cycles and applications packed with more features than ever keep organizations rushing to production, we can’t afford to skip a beat when it comes to security. Developers with all stages of security knowhow are being hired, and right beside giving developers a thorough education in secure coding is ensuring the Read More › Automated TestingSASTSDLCSecure SDLCSecurity Testing
Application SecurityMalwareMobile SecurityphishingSASTSDLCSecure Codingstatic code analysisVulnerability All You Wanted To Know About Online Banking Security Jan 17, 2016 by Sharon Solomon Gone are the days when people frequented their banks to get their errands done. With more and more banking activities being performed online via web and mobile applications, the security risks are rising exponentially. But are banks and financial institutions doing enough to safeguard our privacy and financial assets? What are the risks and what Read More › Application SecurityMalwareMobile SecurityphishingSASTSDLCSecure Codingstatic code analysisVulnerability
Cloud SecurityIaaSPaaSSaaSSASTstatic code analysis All You Wanted To Know About Cloud Security Dec 9, 2015 by Sharon Solomon The IT world is advancing at an astonishing pace. Just a few years ago data was stored physically on databases and software was managed manually. But today more and more organizations are gravitating towards cloud based solutions for their computing needs. While being extremely convenient, cheap and hassle-free, insecure programming can lead to a plethora of vulnerabilities and Read More › Cloud SecurityIaaSPaaSSaaSSASTstatic code analysis
Application SecurityCross Site ScriptingDASTPenetration TestingRafay BalochSASTWAFXSS Eye Of The Hacker: Analyzing Today’s Top Application Security Solutions Aug 20, 2015 by Sharon Solomon Rafay Baloch takes no prisoners when it comes to exposing vulnerabilities. An ethical hacker since the young age of 14, Baloch is now known within InfoSec circles as a seasoned security expert. His ever-growing list of “victims” includes leading platforms such as Android, Google, PayPal and Nokia, with the former earning him worldwide acclaim. Read More › Application SecurityCross Site ScriptingDASTPenetration TestingRafay BalochSASTWAFXSS