With so many application security tools, how do you choose the best ones for your environment? Learn how to assemble your application security toolkit.
Code quality and code security aren’t the same, but they’re closely related. And in the current cyberthreat environment, developers should care about both.
Bug bounty programs are becoming more popular. Do they work? What are the pitfalls of crowdsourcing application security testing? Our experts weigh in.
The software flaws and weaknesses on our top 10 software vulnerability list for 2019 are easy to find and fix with the right application security guidance.
The OWASP Top 10 2017 is a list of the most significant web application security risks. How are you addressing these top 10 web app vulnerabilities?
Organizations manage 363 APIs, on average. But vulnerable APIs can expose your data to anyone who knows how to ask for it. API security starts with the basics.
Leaky APIs expose customer data for free to anyone who knows the URL. What are you doing to protect your customers from hackers targeting your APIs?
Each application security testing tool (e.g., SAST, IAST, DAST, RASP) has distinct advantages, but you’ll get the best results when you use them together.
Remediating XSS (cross-site scripting, or HTML injection) is difficult without understanding validation, sanitization, and normalization/canonicalization.
Should you replace any of your application security testing tools with a RASP solution? RASP should complement, rather than replace, your testing strategy.