Software Integrity Blog

Archive for the 'Web Application Security' Category

 

Do you have the right tools in your application security toolkit?

With so many application security tools, how do you choose the best ones for your environment? Learn how to assemble your application security toolkit.

Continue Reading...

Posted in Static Analysis (SAST), Web Application Security | Comments Off on Do you have the right tools in your application security toolkit?

 

How are code quality and code security related?

Code quality and code security aren’t the same, but they’re closely related. And in the current cyberthreat environment, developers should care about both.

Continue Reading...

Posted in IoT Security, Static Analysis (SAST), Web Application Security | Comments Off on How are code quality and code security related?

 

Bug bounties: A good tool, but don’t make them the only tool in security

Bug bounty programs are becoming more popular. Do they work? What are the pitfalls of crowdsourcing application security testing? Our experts weigh in.

Continue Reading...

Posted in Web Application Security | Comments Off on Bug bounties: A good tool, but don’t make them the only tool in security

 

Top 10 software vulnerability list for 2019

The software flaws and weaknesses on our top 10 software vulnerability list for 2019 are easy to find and fix with the right application security guidance.

Continue Reading...

Posted in Mobile App Security, Web Application Security | Comments Off on Top 10 software vulnerability list for 2019

 

OWASP Top 10 web application security risks

The OWASP Top 10 2017 is a list of the most significant web application security risks. How are you addressing these top 10 web app vulnerabilities?

Continue Reading...

Posted in Software Architecture & Design, Web Application Security | Comments Off on OWASP Top 10 web application security risks

 

It’s past time to pay much more attention to API security

Organizations manage 363 APIs, on average. But vulnerable APIs can expose your data to anyone who knows how to ask for it. API security starts with the basics.

Continue Reading...

Posted in Web Application Security | Comments Off on It’s past time to pay much more attention to API security

 

These hacks brought to you by ‘leaky’ APIs

Leaky APIs expose customer data for free to anyone who knows the URL. What are you doing to protect your customers from hackers targeting your APIs?

Continue Reading...

Posted in Data Breach Security, Web Application Security | Comments Off on These hacks brought to you by ‘leaky’ APIs

 

The AppSec alphabet soup: A guide to SAST, IAST, DAST, and RASP

Each application security testing tool (e.g., SAST, IAST, DAST, RASP) has distinct advantages, but you’ll get the best results when you use them together.

Continue Reading...

Posted in Interactive Application Security Testing (IAST), Static Analysis (SAST), Web Application Security | Comments Off on The AppSec alphabet soup: A guide to SAST, IAST, DAST, and RASP

 

Remediating XSS: Does a single fix work?

Remediating XSS (cross-site scripting, or HTML injection) is difficult without understanding validation, sanitization, and normalization/canonicalization.

Continue Reading...

Posted in Web Application Security | Comments Off on Remediating XSS: Does a single fix work?

 

How RASP complements application security testing to minimize risk

Should you replace any of your application security testing tools with a RASP solution? RASP should complement, rather than replace, your testing strategy.

Continue Reading...

Posted in Interactive Application Security Testing (IAST), Web Application Security | Comments Off on How RASP complements application security testing to minimize risk