Ghostcat (CVE-2020-1938) is an Apache Tomcat vulnerability that allows remote code execution in some circumstances. Here’s how to find and mitigate it.
Our longtime remote employees have some tips for working from home to keep you sane, and your company’s assets secure, during a strange, stressful time.
Are you releasing software with legacy vulnerabilities that you put aside to address later but forgot about—or that you didn’t even know were in your code?
If you use an SCA tool, why should you use a SAST tool as well? Let’s discuss what each tool can and can’t do and how they complement each other.
Security debt refers to the accumulation of vulnerabilities in your software that make it harder to protect your data and systems. How do you get rid of it?
With applications containing more and more open source, and 40+ open source vulnerabilities disclosed daily, how do you prioritize your remediation efforts?
Developers have no time for your complex security processes. Making application security simple means focusing on essentials and cutting through the noise.
How do you encourage people to do something? Make it easy. Developers too will adopt application security practices, if you make them easy. Here’s how.
Interest in DevSecOps is on the rise. What’s driving this interest? And how can teams use this knowledge to modernize their application security programs?
To get security testing results in front of developers, who are in the best position to address them effectively, you need automation and integration.