Software Integrity Blog

Archive for the 'Web Application Security' Category

The AppSec alphabet soup: A guide to SAST, IAST, DAST, and RASP

Each application security testing tool (e.g., SAST, IAST, DAST, RASP) has distinct advantages, but you’ll get the best results when you use them together.

Posted in Interactive Application Security Testing (IAST), Static Analysis (SAST), Web Application Security

Remediating XSS: Does a single fix work?

Remediating XSS (cross-site scripting, or HTML injection) is difficult without understanding validation, sanitization, and normalization/canonicalization.

Posted in Web Application Security

How RASP complements application security testing to minimize risk

Should you replace any of your application security testing tools with a RASP solution? RASP should complement, rather than replace, your testing strategy.

Posted in Interactive Application Security Testing (IAST), Web Application Security

The what, why, and who of runtime application self-protection (RASP)

What is runtime application self-protection? According to Gartner, runtime application self-protection is “a security technology that is built on or linked into an application runtime environment, and is capable of controlling application execution, and detecting and preventing real-time attacks.”

Posted in Web Application Security

The 4 most important secure development disciplines

Being the most innovative and successful cloud monitoring company on the market, shipping new features to production every day, it is crucial not only to deliver the best user experience, performance, and reliability, but also to guarantee the highest security for our customers.

Posted in Agile, CI/CD & DevOps, Cloud Security, Static Analysis (SAST), Web Application Security

Survey: Mobile and web apps are top security challenge

A Synopsys survey reveals that the security of customer-facing web and mobile apps is the top security challenge for IT professionals in Asia.

Posted in Mobile App Security, Web Application Security

What’s happening with the OWASP Top 10 2017?

One of my favorite books, “The Hitchhiker’s Guide to the Galaxy,” describes itself in the introduction like this:

Posted in Software Compliance, Quality & Standards, Web Application Security

7-year-old SAMBA flaw prompts new concerns (and patches)

With just one line of code, a malicious attacker can exploit a recently disclosed seven-year-old vulnerability in SAMBA. Known as CVE-2017-7494, the vulnerability affects Linux and Unix systems that:

Posted in Software Architecture & Design, Web Application Security

Why should every eCommerce website have an SSL certificate?

In the world of data security, a critical element of working with users is earning their trust. Obtaining, implementing, and properly using an SSL certificate is one way to protect user data. Without a certificate, there is also no easy way to keep the communications between the user and an eCommerce website private from attackers.

What is encryption?

Encryption protects data and keeps secrets out of reach of eavesdroppers. It seems like the stuff of movies and television dramas. It is often portrayed in the media as some impenetrable obstacle that can’t be overcome without keys, or as an easy challenge to solve with rapid typing and a few progress bars.

Posted in Software Architecture & Design, Web Application Security

BURP’s proxy tool and the case of the missing cipher suites

During a recent iOS application penetration test, I was attempting to proxy network traffic using the BURP proxy tool. In doing so, I configured my device to use BURP as a proxy, and voila, I was able to see the traffic (oh, the joys of certificate pinning).

Posted in Web Application Security