Keep Applications Secure in Atlassian Bitbucket with Automated Pull Requests

As development organizations seek to innovate faster and build more secure applications at scale, one of the trends we’re seeing is the desire to automate dependency management and bring security into the places where developers spend most o…

State-of-the-Art AppSec Goes Beyond Perimeter Into Application Runtimes

When it comes to protecting running applications, traditional defenses that sit on the perimeter lack effective visibility and context to keep pace with attacks. Simply guessing as to the validity of a threat is not enough. This blog spells out five ke…

How to Use Nancy to Improve Your Go Application Security

I believe in writing high-quality Go code, and I bet you do, too. I also know I’m not a genius and can’t write high-quality code all of the time. Fortunately, a number of Go tools help me write high-quality code, with less time and eff…

Emerging from the Tool Swamp to a Unified AppSec Platform

Traditional approaches to application security (AppSec) rely on a patchwork of disconnected tools and processes that add high levels of friction to the modern software development life cycle (SDLC). A unified AppSec platform provides continuous and com…

Your Guide to AppSec Tools: SAST or SCA?

The application security market is saturated with tools like DAST, SAST, IAST, and RASP – which can be overwhelming. Each of these tools plays a specific security role within the SDLC, but are they really representative of AppSec risk or just diff…

Protect Sensitive Data, Reduce Risk, and Gain Regulatory Compliance with Embedded Data Security

Sensitive data often leaks out through applications. The privacy risk is not developer negligence, but rather misplaced trust in pre-General Data Protection Regulation (GDPR) solutions and infrastructure. Enterprises should turn to modern AppSec s…

What Vulnerabilities and Attacks Matter? Insights from Contrast Labs’ AppSec Intelligence Report

The threat landscape is constantly evolving, growing in sophistication as well as volume and velocity. This presents serious challenges for organizations of all sizes and industry sectors. Software applications are a top target when it comes to cyberat…

Accuracy in AppSec Is Critical to Reducing False Positives

According to a new report from the Neustar International Security Council (NISC), over one-quarter of security alerts fielded within organizations are false positives. Surveying senior security professionals across five European countries and the U.S.,…