Last week’s news introduced us to another pair of vulnerabilities hitting right at the foundation of everything we place our trust in. Named KRACK and ROCA, these flaws target specific facets of Wi-Fi networks and cryptographic keys, meaning that attackers can potentially sneak into networks we consider private, and decipher things we consider secret. Who’s affected? […]
Continue Reading...
Posted in Application Security, Data Breach, Security Training, Vulnerability Assessment | No Comments »
October is Cyber Security Awareness Month. The internet has revolutionized how we do business, stay in touch, and shop. As we upload more of our lives onto the internet, we put more of ourselves at risk. A little security goes a long way in protecting what we do online. Here are four quick tips to […]
Continue Reading...
Posted in Security Training, Web Application Security | Comments Off on 4 simple steps to encourage online safety at your company
DevOps enables you to release features and bug remediation efforts faster than ever before through Agile methodologies, CI/CD processes, and open source tools. While traditional security activities have trouble keeping pace with DevOps, it’s also critical not to let security fall behind. Is security tripping you up? As the DevOps revolution continues to advance, security […]
Continue Reading...
Posted in Agile Methodology, CI/CD, DevOps, Security Training | Comments Off on Webinar: Update your AppSec strategy to run effectively in a DevOps world
Let’s say you tested 46 web applications, 19 mobile apps, and 20 client-server apps this year alone. You also purchased a new application security testing tool in the process. You found 112 vulnerabilities and all-in-all you’re feeling pretty good. But before you get too excited, ask yourself a few questions: Did you reduce risk significantly? […]
Continue Reading...
Posted in Application Security, Security Standards and Compliance, Security Training, Software Security Program Development | Comments Off on How can you tell if your software security strategy is working?
There is a sad reality in the software world that developer education and training not only neglect software security, but often teach developers the wrong activities to secure it. This ranges from the ‘get it to work and move on’ habit to insecure code samples in the tutorials and forums we all use when learning new […]
Continue Reading...
Posted in Secure Coding Guidelines, Security Training, Web Application Security | Comments Off on Insecure example code leads to insecure production code
Software developers and information security professionals have almost always been two mutually exclusive groups. However, with the increase in security awareness, developers have started integrating security into the development process. To further bridge the gap between development and security, it is essential for developers to have a good understanding of security principles. In this post, […]
Continue Reading...
Posted in Application Security, Security Training, Software Security Testing, Vulnerability Assessment | Comments Off on Security topics every software developer should know
Synopsys Principal Security Consultant, Ksenia Dmitrieva-Peguero, recently posed the question at the information security conference, Securi-Tay: How secure is AngularJS? With seven years of experience in the AppSec space, and five years of software development experience, Ksenia’s current concentration centers on the analysis of JavaScript frameworks–researching their security implications, vulnerability discovery, and remediation. In her latest […]
Continue Reading...
Posted in Application Security, Security Conference or Event, Security Training, Vulnerability Assessment | Comments Off on How secure is AngularJS?
We’re excited to announce a new addition to our eLearning library: Attack & Defense. What’s this course all about? Web applications are becoming an increasingly high-value target for hackers looking to make a quick buck, damage reputations, or just boost their “street cred.” There is no shortage of publicly known attack tools and techniques, and software developers are outnumbered at the […]
Continue Reading...
Posted in Security Training, Web Application Security | Comments Off on Hands-on strategies to counter common web application attacks
Originally posted on SecurityWeek. For far too long software security has been comprised of a curious bifurcation of roles. Developers develop and IT security testers test for security issues. Fortunately, a confluence of circumstances has forced a recalibration of the developer’s role in software security. In fact, I think we are about to see a new […]
Continue Reading...
Posted in Security Training, Software Development Life Cycle (SDLC), Software Security Program Development, Static Analysis (SAST) | Comments Off on Moving beyond ‘moving left’: The case for developer enablement
HTML5 is the fifth revision of the HTML standard. HTML5 and its integration with JavaScript introduce new security risks that require careful consideration when writing web front-end code. Modern web-based software, including mobile web front-end applications, make heavy use of innovative JavaScript and HTML5 browser support to deliver advanced user experiences. Front-end developers focus their […]
Continue Reading...
Posted in Secure Coding Guidelines, Security Training | Comments Off on Learn defensive programming for HTML5 in a day