Software Integrity Blog

Archive for the 'Web Application Security' Category

 

These hacks brought to you by ‘leaky’ APIs

“Leaky” is almost never a good thing. The whole idea, in just about any case, is to make things that don’t leak and to plug things that do.

Posted in Data Breach, Web Application Security

 

The AppSec alphabet soup: A guide to SAST, DAST, IAST, and RASP

Every application security testing tool—SAST, IAST, DAST, and RASP—has its distinct advantages, but you’ll get the best results when you use them together.

Posted in Interactive Application Security Testing (IAST), Static Analysis (SAST), Web Application Security

 

Remediating XSS: Does a single fix work?

Remediating XSS (cross-site scripting, or HTML injection) is difficult without understanding validation, sanitization, and normalization/canonicalization.

Posted in Web Application Security

 

How RASP complements application security testing to minimize risk

In the era of agile development and outsourcing, implementing a secure software development life cycle (SSDLC) is critical. However, it may not help you achieve the level of risk mitigation you desire. You may need to extend your software security approach to provide an additional layer of protection for applications once they have been deployed. That’s where runtime application self-protection comes in.

Posted in Interactive Application Security Testing (IAST), Static Analysis (SAST), Web Application Security

 

The what, why, and who of runtime application self-protection (RASP)

What is runtime application self-protection? According to Gartner, runtime application self-protection is “a security technology that is built on or linked into an application runtime environment, and is capable of controlling application execution, and detecting and preventing real-time attacks.”

Posted in Web Application Security

 

Get the latest resource helping development teams overcome widespread challenges

Only when security is treated with the same importance as quality can your software’s integrity drive a proactive strategy rather than a reactive response. In addition to ensuring software quality, development teams are under increasing pressure to address software security concerns. The high-profile data breaches that continuously arise are raising awareness of security issues. Because of this, customers, stakeholders, and boards of directors are asking questions of development teams that they never have before. Questions like:

Posted in Fuzz Testing, Interactive Application Security Testing (IAST), Security Training, Static Analysis (SAST), Web Application Security

 

The 4 most important secure development disciplines

Being the most innovative and successful cloud monitoring company on the market, developing new features to production every day, it’s not only crucial to deliver the best user experience, performance and high reliability, but also guarantee the highest SECURITY for our customers.

Posted in Agile, CI/CD & DevOps, Cloud Security, Static Analysis (SAST), Web Application Security

 

Survey: Mobile and web apps are top security challenge

A Synopsys survey reveals that the security of customer-facing web and mobile apps is the top security challenge for IT professionals in Asia.

Posted in Mobile Application Security, Web Application Security

 

What’s happening with the OWASP Top 10 2017?

One of my favorite books, “The Hitchhiker’s Guide to the Galaxy,” describes itself in the introduction like this:

Posted in Security Standards and Compliance, Web Application Security

 

4 simple steps to encourage online safety at your company

October is Cyber Security Awareness Month.

Posted in Security Training, Web Application Security