What do SAST, DAST, IAST and RASP mean to developers?

It’s estimated that 90 percent of security incidents result from attackers exploiting known software bugs. Needless to say, squashing those bugs in the development phase of software could reduce the information security risks facing many organizations today. To...

read more

Why don’t developers write more secure code?

Developers have been rapped in some circles for writing code with security flaws, but is such criticism justified? Where is security on developers’ priority list? Programmers certainly have a lot on their plates and while security has been a burning issue in...

read more

Quantifying Software Security Risk

Quantifying Software Security Risk What are the frameworks out there that organizations can use to quantify risk? Risk management is a hot topic across many boardrooms, so much so that the insurance and financial sectors have established frameworks that organizations...

read more

How to Confirm Whether You are Vulnerable to the DROWN Attack

Another OpenSSL vulnerability has been uncovered. The new vulnerability is one in yet a series found lately in the OpenSSL library, a toolkit implementing SSL v2/v3 and TLS protocols with full-strength cryptography world-wide. The library which powers about 5.5...

read more

The Rise of JavaScript XSS and Practical Mitigation Techniques

Cross Site Scripting (XSS) is listed by OWASP Top 10 as #3 on the list. If you tried to decipher Cross-site Scripting and understand its mitigation, you will soon discover that understanding the different HTML contexts is key to understanding proper mitigations...

read more

How to Quickly Audit Your Cryptography Usage?

Cryptography is an important security security control  for any application.  It is essential in securing data at rest and in transit. But how do you know your team is following good and solid crypto practices? How do you know whether there are gaps that need to be...

read more

Setting up a Secure Instance of Express JS (GitHub Repo)

In a previous blog post I mentioned ways to secure your ExpressJS instance. This included both using third party modules and modifications to the default configuration of Express. The blog post received great feedback, so we decided to create a skeleton that showed...

read more

Reading through the IRS Hack: Failures and Analysis

IRS has reported that  thieves stole tax information from 100,000 taxpayers, pretty disturbing news on multiple levels. The first level of disturbance is obviously that an organization like the IRS which has more information on every single citizen – probably...

read more

Security Comparison: AngularJS vs Backbone.js vs Ember

Introduction Client side JavaScript security is becoming more and more of an issue with the shift to Single Page Applications or SPAs in modern web development. There are many different libraries and frameworks to pick from when you set out to build your own SPA. The...

read more
White Paper - Proving Adherence to Software Security Best Practices

White Paper - Proving Adherence to Software Security Best Practices

Industry standards and the best practices for developing secure software. Please provide your email and name to receive your copy.

Success! Your copy is on the way.