Software Integrity Blog

Archive for the 'Application Security' Category


What is the Ghostcat vulnerability (CVE-2020-1938)?

Ghostcat (CVE-2020-1938) is an Apache Tomcat vulnerability that allows remote code execution in some circumstances. Here’s how to find and mitigate it.

Posted in Application Security, Open Source Security

Tips for working from home without losing your marbles or compromising security

Our longtime remote employees have some tips for working from home to keep you sane, and your company’s assets secure, during a strange, stressful time.

Posted in Application Security

How to deal with legacy vulnerabilities

Are you releasing software with legacy vulnerabilities that you put aside to address later but forgot about—or that you didn’t even know were in your code?

Posted in Application Security, Open Source Security

SAST and SCA: Why use both?

If you use an SCA tool, why should you use a SAST tool as well? Let’s discuss what each tool can and can’t do and how they complement each other.

Posted in Application Security, Software Composition Analysis (SCA), Static Analysis (SAST)

What is security debt, and how do I get out of it?

Security debt refers to the accumulation of vulnerabilities in your software that make it harder to protect your data and systems. How do you get rid of it?

Posted in Application Security

How do you effectively remediate the increasing sea of vulnerabilities?

With applications containing more and more open source, and 40+ open source vulnerabilities disclosed daily, how do you prioritize your remediation efforts?

Posted in Application Security, Open Source Security, Software Composition Analysis (SCA)

Thoreau’s ‘simplify’ exhortation hovers over RSA

Developers have no time for your complex security processes. Making application security simple means focusing on essentials and cutting through the noise.

Posted in Application Security, Developer Enablement

At RSA: The road to better security is to make it easier

How do you encourage people to do something? Make it easy. Developers, too, will adopt application security practices if you make them easy. Here’s how.

Posted in Application Security, Developer Enablement

3 reasons DevSecOps is getting so much attention

Interest in DevSecOps is on the rise. What’s driving this interest? And how can teams use this knowledge to modernize their application security programs?

Posted in Agile, CI/CD & DevOps, Application Security

How to Cyber Security: It’s all about developers, except when it’s not

To get security testing results in front of developers, who are in the best position to address them effectively, you need automation and integration.

Posted in Application Security, Developer Enablement