The Top 3 Challenges DevOps Poses to Security Teams

DevOps has revolutionized how new applications are brought online, but it is also challenging how security teams do their jobs. In theory, DevOps can make applications more secure by baking security into the Software Development Lifecycle from the earliest stages of...

There is More to Application Security than Bulletproof Code

In recent months, momentum has been mounting for developers to write code for their applications that is more secure. While writing secure code is vital to the security of an organization, it’s not the final word in creating applications resistant to attacks. A...

What do SAST, DAST, IAST and RASP mean to developers?

It’s estimated that 90 percent of security incidents result from attackers exploiting known software bugs. Needless to say, squashing those bugs in the development phase of software could reduce the information security risks facing many organizations today. To...

Why don’t developers write more secure code?

Developers have been rapped in some circles for writing code with security flaws, but is such criticism justified? Where is security on developers’ priority list? Programmers certainly have a lot on their plates and while security has been a burning issue in...

Quantifying Software Security Risk

What are the frameworks out there that organizations can use to quantify risk? Risk management is a hot topic across many boardrooms, so much so that the insurance and financial sectors have established frameworks that organizations...

How to Confirm Whether You are Vulnerable to the DROWN Attack

Another OpenSSL vulnerability has been uncovered. The new vulnerability is yet another in a series found lately in the OpenSSL library, a toolkit implementing the SSL v2/v3 and TLS protocols with full-strength cryptography world-wide. The library which powers about 5.5...

The Rise of JavaScript XSS and Practical Mitigation Techniques

Cross-Site Scripting (XSS) is listed as #3 on the OWASP Top 10. If you try to decipher cross-site scripting and understand its mitigation, you will soon discover that understanding the different HTML contexts is key to understanding proper mitigations...

How to Quickly Audit Your Cryptography Usage?

Cryptography is an important security control for any application. It is essential in securing data at rest and in transit. But how do you know your team is following good and solid crypto practices? How do you know whether there are gaps that need to be...