There is More to Application Security than Bulletproof Code

In recent months, momentum has been mounting for developers to write code for their applications that is more secure. While writing secure code is vital to the security of an organization, it’s not the final word in creating applications resistant to attacks. A...

What do SAST, DAST, IAST and RASP mean to developers?

It’s estimated that 90 percent of security incidents result from attackers exploiting known software bugs. Needless to say, squashing those bugs in the development phase of software could reduce the information security risks facing many organizations today. To...

Why don’t developers write more secure code?

Developers have been rapped in some circles for writing code with security flaws, but is such criticism justified? Where is security on developers’ priority list? Programmers certainly have a lot on their plates and while security has been a burning issue in...

Quantifying Software Security Risk

What are the frameworks out there that organizations can use to quantify risk? Risk management is a hot topic across many boardrooms, so much so that the insurance and financial sectors have established frameworks that organizations...

How to Confirm Whether You are Vulnerable to the DROWN Attack

Another OpenSSL vulnerability has been uncovered. The new vulnerability is one in yet a series found lately in the OpenSSL library, a toolkit implementing SSL v2/v3 and TLS protocols with full-strength cryptography world-wide. The library which powers about 5.5...

The Rise of JavaScript XSS and Practical Mitigation Techniques

Cross-Site Scripting (XSS) is listed as #3 in the OWASP Top 10. If you try to decipher Cross-Site Scripting and understand its mitigation, you will soon discover that understanding the different HTML contexts is key to understanding proper mitigations...

How to Quickly Audit Your Cryptography Usage?

Cryptography is an important security control for any application. It is essential in securing data at rest and in transit. But how do you know your team is following good and solid crypto practices? How do you know whether there are gaps that need to be...

Setting up a Secure Instance of Express JS (GitHub Repo)

In a previous blog post I mentioned ways to secure your ExpressJS instance. This included both using third party modules and modifications to the default configuration of Express. The blog post received great feedback, so we decided to create a skeleton that showed...

The 8 New Deadly Myths of Application Security


If you want to get clear on the best strategy for software security in your organization, you must first get clear on the problems. Many organizations identify the problems as cryptography, insecure SSL practices, or authentication issues. 

This is why organizations get trapped in incorrect mindsets and find themselves struggling to prove proper adherence to software security best practices or, worse, in the middle of a data breach.

