Software Integrity Blog

Archive for the 'Web Application Security' Category

 

Bug bounties: A good tool, but don’t make them the only tool in security

Bug bounty programs are becoming more popular. Do they work? What are the pitfalls of crowdsourcing application security testing? Our experts weigh in.

Continue Reading...

Posted in Web Application Security | Comments Off on Bug bounties: A good tool, but don’t make them the only tool in security

 

Top 10 software vulnerability list for 2019

The software flaws and weaknesses on our top 10 software vulnerability list for 2019 are easy to find and fix with the right application security guidance.

Continue Reading...

Posted in Mobile Application Security, Web Application Security | Comments Off on Top 10 software vulnerability list for 2019

 

OWASP Top 10 web application security risks

The OWASP Top 10 2017 is a list of the most significant web application security risks. How are you addressing these top 10 web app vulnerabilities?

Continue Reading...

Posted in Security Standards and Compliance, Software Architecture and Design, Web Application Security | Comments Off on OWASP Top 10 web application security risks

 

It’s past time to pay much more attention to API security

Organizations manage 363 APIs, on average. But vulnerable APIs can expose your data to anyone who knows how to ask for it. API security starts with the basics.

Continue Reading...

Posted in Web Application Security | Comments Off on It’s past time to pay much more attention to API security

 

These hacks brought to you by ‘leaky’ APIs

“Leaky” is almost never a good thing. The whole idea, in just about any case, is to make things that don’t leak and to plug things that do.

Continue Reading...

Posted in Data Breach, Web Application Security | Comments Off on These hacks brought to you by ‘leaky’ APIs

 

The AppSec alphabet soup: A guide to SAST, IAST, DAST, and RASP

Each application security testing tool (e.g., SAST, IAST, DAST, RASP) has distinct advantages, but you’ll get the best results when you use them together.

Continue Reading...

Posted in Interactive Application Security Testing (IAST), Static Analysis (SAST), Web Application Security | Comments Off on The AppSec alphabet soup: A guide to SAST, IAST, DAST, and RASP

 

Remediating XSS: Does a single fix work?

Remediating XSS (cross-site scripting, or HTML injection) is difficult without understanding validation, sanitization, and normalization/canonicalization.

Continue Reading...

Posted in Web Application Security | Comments Off on Remediating XSS: Does a single fix work?

 

How RASP complements application security testing to minimize risk

Should you replace any of your application security testing tools with a RASP solution? RASP should complement, rather than replace, your testing strategy.

Continue Reading...

Posted in Interactive Application Security Testing (IAST), Web Application Security | Comments Off on How RASP complements application security testing to minimize risk

 

The what, why, and who of runtime application self-protection (RASP)

What is runtime application self-protection? According to Gartner, runtime application self-protection is “a security technology that is built on or linked into an application runtime environment, and is capable of controlling application execution, and detecting and preventing real-time attacks.”

Continue Reading...

Posted in Web Application Security | Comments Off on The what, why, and who of runtime application self-protection (RASP)

 

The 4 most important secure development disciplines

Being the most innovative and successful cloud monitoring company on the market, developing new features to production every day, it’s not only crucial to deliver the best user experience, performance and high reliability, but also guarantee the highest SECURITY for our customers.

Continue Reading...

Posted in Agile, CI/CD & DevOps, Cloud Security, Static Analysis (SAST), Web Application Security | Comments Off on The 4 most important secure development disciplines