Secrets Detection: An Emerging AppSec Category

Applications are no longer standalone monoliths; they now rely on thousands of independent building blocks: cloud infrastructure, databases, SaaS components such as Stripe, Slack and HubSpot, just to name a few. This is a significant shift in software…

Mitigating Threats to the Application Layer

Traditionally, security systems and cybersecurity efforts focused on infrastructure, and often worked in silos separate from application developers. This approach often left applications vulnerable and susceptible to attack, and cybercriminals are tak…

Leaky Apps Heighten Supply Chain Risk

Securing the apps that businesses and individuals have come to rely on, particularly during the pandemic, has become a multidimensional challenge. Recent research underscored the need to more tightly knit DevOps together with SecOps early in the devel…

Is an outdated library in a Windows user mode desktop application an actual security risk?

I have a Windows 10 desktop application that runs in user mode only, and this application is a local tool only — that is, it does not "talk to the internet".
As an example:
This application uses libxml2 as a DLL distributed in …

Building Immunity at AppSec Insertion Points

The fundamentals of a formal, effective application security plan should start with business objectives, tools, processes and most of all, data, with the primary driver for securing applications focused on protecting data. While it is important to sur…

Python desktop application: storing cloud database passwords

I am currently building a Python desktop application in PyQt/PySide which will be compiled to .exe. I am planning to use the Azure SQL database and a remote file storage (like S3).
An issue arises that the application needs passwords (cred…

Unlock a New Level of Security at Secure Coding Virtual Summit

A lot of cyberattacks can be prevented by developers who have the right security tools and training. The challenge is that most do not have a full understanding of security best practices. At Secure Coding Virtual Summit, industry-leading AppSec and D…