Collaborate Disseminate
Visibility within an application security (AppSec) program is key to accountability. CISOs and executive leaders can’t expect to hold developers and product lines responsible for security …
The post Accountability Through Reporting: The Path to True … Continue reading Accountability Through Reporting: The Path to True DevSecOps
What is the relation of semicolon with reverse proxy and how is it able to escape context/servlet mapping in reverse proxies such as IIS, NGINX, Apache?
Like I’ve seen multiple times where people have reported the use of semicolon to escap… Continue reading Semicolon’s relation with reverse proxy
Single-page web apps are massively growing in popularity. Sites such as Airbnb, Pinterest and LinkedIn represent a new approach to designing and building web sites. The single-page app (SPA) is a next-gen web app and offers a faster and cleaner user e… Continue reading Securing Single-Page Web Applications
If you have ever considered how hackers and other cyber attackers on the internet use different paths to harm systems and software, you already know a …
The post What is Application Security Risk? appeared first on ZeroNorth.
The post What is Applica… Continue reading What is Application Security Risk?
In a nutshell, application security (AppSec) testing is the process of ensuring software is built to be as resistant as possible to outside threats. When applications …
The post What is Application Security Testing and How Does it Affect Software? ap… Continue reading What is Application Security Testing and How Does it Affect Software?
I’m going to do my master’s degree in another country and decided to level up my skills.
I have 10 months of work experience in application security, and I know the basics of how things function in theapp sec domain.
So I thought of learni… Continue reading What programming language for pen tester in application security? [closed]
Considering the threats posed by the digital world, organizations today must think about security and the way it affects their software. With business outcomes and revenue …
The post SAST vs. DAST: What’s the Difference? appeared first on ZeroNorth.
… Continue reading SAST vs. DAST: What’s the Difference?
Nearly three-quarters of CISOs aren’t confident that code in cloud-native architectures is free of vulnerabilities before it goes into production, according to research from Dynatrace. The report, based on a global survey of 700 CISOs in large enterpr… Continue reading CISOs Say Application Security is Broken
I want to do a secure code review for an app written in SWIFT. I am looking for some documentation, guidelines and regex pattern repository available.
Continue reading Is there any regex repository available for secure code review of swift language?
With all the talk about the ongoing menace of ransomware, it’s easy to overlook application-specific attacks. But new research from WhiteHat Security shows that there might just be a greater likelihood of the latter. Most troubling in the latest insta… Continue reading Window of Exposure Wide Open for Utilities’ Apps