appsec – Page 31 – WindowsTechs.com

Bryson Koehler, Equifax CTO, Discusses the Road Ahead in Data Security Infrastructure

Posted on March 23, 2020 by Mark Miller

Byson Koehler, the Equifax CTO and CISO, delivered the keynote at DevSecOps Days during the 2020 RSAC. Equifax contributed to multiple sessions and panels during the conference. The message was consistent: “Yes, we had a major problem. Here’s what… Continue reading Bryson Koehler, Equifax CTO, Discusses the Road Ahead in Data Security Infrastructure→

Sladjana Jovanovic and Bill McArthur Move Silos to Communities [VIDEO]

Posted on March 19, 2020 by Mark Miller

Editor’s Note: The chapter, “From Silos to Communities” is included in Epic Failures in DevSecOps, Volume 2, which is available for free download.

“What Bill didn’t talk about was that this pod was technically improving the platform in a wa… Continue reading Sladjana Jovanovic and Bill McArthur Move Silos to Communities [VIDEO]→

Route Intelligence™ Enables Transformation of Traditional Application Security Testing

Posted on March 17, 2020 by Subhash Arja

Route Intelligence™ transforms AppSec testing by providing comprehensive visibility of the entire application attack surface while saving DevSecOps resources through automated vulnerability verification.
One out of every four network breaches la… Continue reading Route Intelligence™ Enables Transformation of Traditional Application Security Testing→

How apache tomcat favicon can be malicious or cause unintended results in application?

Posted on March 12, 2020 by Ajay Takur

At the moment, there aren’t any of those vulnerabilities that we know. I was looking the docs on what damages can be done by hackers if apache tomcat favicon is revealed in web application.

Continue reading How apache tomcat favicon can be malicious or cause unintended results in application?→

Why Manual Verification Still Matters

Posted on March 10, 2020 by Peter Morlion

In the last few years, we’ve continuously been hearing that we should automate, automate, automate. So it might be weird to hear that manual verification still matters. Jeroen Willemsen explains to us why we still need to perform manual chec… Continue reading Why Manual Verification Still Matters→

Is it safe to send sensitive data in the post body to an azure function?

Posted on March 10, 2020 by Jacob Alley

We want our users to send us a post request to an Azure Function endpoint. Is storing sensitive data (such as connectionstrings or passwords) in the post request body going to be an issue? Any insight would be greatly appreciated.

Continue reading Is it safe to send sensitive data in the post body to an azure function?→

AppSec Instrumentation Addresses AppSec Skills Shortage

Posted on March 9, 2020 by Tim Freestone, Vice President of Corporate Marketing

According to ISACA’s State of Cybersecurity 2020 Report, which is based on data gathered from more than 2,000 respondents in more than 100 countries, cybersecurity threats continue unabated while a cybersecurity skills gap is presenting serious c… Continue reading AppSec Instrumentation Addresses AppSec Skills Shortage→

AppSec Instrumentation Addresses AppSec Skills Shortage

Posted on March 9, 2020 by Tim Freestone, Vice President of Corporate Marketing

Nexus Innovator: Ken D’Auria of The Hartford

Posted on March 6, 2020 by Katie McCaskey

“DevSecOps: It works in theory… but does it work in practice?” — Anonymous
DevSecOps is such a new and evolving practice that it is helpful to hear from someone who can articulate, “Yes. DevSecOps works in theory, and in p… Continue reading Nexus Innovator: Ken D’Auria of The Hartford→

Concealing method results

Posted on March 1, 2020 by Stephen

I have to maintain a java application with security code I am not sure is really useful and the original purpose is not clear (and the original developer is long gone).

Basically, the code will check some security parameters before allowi… Continue reading Concealing method results→