Software Integrity Blog

Archive for the 'Application Security' Category

[Webinar] Are You Acquiring the Next Big Breach?

Learn why application security vulnerabilities are a serious consideration in tech due diligence and how to evaluate your security risk in M&A transactions.

Posted in Application Security, Mergers & Acquisitions, Webinars

What is the Ghostcat vulnerability (CVE-2020-1938)?

Ghostcat (CVE-2020-1938) is an Apache Tomcat vulnerability that allows remote code execution in some circumstances. Here’s how to find and mitigate it.

Posted in Application Security, Open Source Security

Tips for working from home without losing your marbles or compromising security

Our longtime remote employees have some tips for working from home to keep you sane, and your company’s assets secure, during a strange, stressful time.

Posted in Application Security

How to deal with legacy vulnerabilities

Are you releasing software with legacy vulnerabilities that you put aside to address later but forgot about—or that you didn’t even know were in your code?

Posted in Application Security, Open Source Security

SAST and SCA: Why use both?

If you use an SCA tool, why should you use a SAST tool as well? Let’s discuss what each tool can and can’t do and how they complement each other.

Posted in Application Security, Software Composition Analysis (SCA), Static Analysis (SAST)

What is security debt, and how do I get out of it?

Security debt refers to the accumulation of vulnerabilities in your software that make it harder to protect your data and systems. How do you get rid of it?

Posted in Application Security

How do you effectively remediate the increasing sea of vulnerabilities?

With applications containing more and more open source, and 40+ vulnerabilities disclosed daily, how do you prioritize your remediation efforts?

Posted in Application Security, Open Source Security, Software Composition Analysis (SCA)

Thoreau’s ‘simplify’ exhortation hovers over RSA

Developers have no time for your complex security processes. Making application security simple means focusing on essentials and cutting through the noise.

Posted in Application Security, Developer Enablement

At RSA: The road to better security is to make it easier

How do you encourage people to do something? Make it easy. Developers too will adopt application security practices, if you make them easy. Here’s how.

Posted in Application Security, Developer Enablement

3 reasons DevSecOps is getting so much attention

Interest in DevSecOps is on the rise. What’s driving this interest? And how can teams use this knowledge to modernize their application security programs?

Posted in Agile, CI/CD & DevOps, Application Security