Sharing knowledge and moving towards securing all the things!

Originally a software developer (for 17 years), Tanya Janca, CEO of We Hack Purple, switched to security seven years ago. She founded the company to share as much knowledge as possible in hopes of moving the industry forward towards creating more secur…

Put Your AppSec Program in the Fast Lanes with the New NIST Standards for Security Testing.

DevOps is fast. Security is slow. That is about to change for enterprises willing to adopt the new standards outlined by NIST

ShiftLeft Educate provides consistent and contextual training for developers of different skill levels

ShiftLeft announced general availability of ShiftLeft Educate, a solution that delivers highly-effective security training for developers within the developer workflow. Designed in partnership with Application Security Training platform Kontra, ShiftLe…

Developer Education: Learning to Secure Code on Demand

Scanning your code base frequently to discover security risk early in development gives engineers more time to address issues. But security risk is a challenging issue and most developers need more than just time.
Consider:

Over 60% of identified…

API Security Need to Know: Top 5 Authentication Pitfalls

The recent rash of API security incidents (Peloton, Experian, Clubhouse, etc.) has no doubt forced many security and development teams to take a closer look at their API security posture to ensure they are not the next headline. Creating an inventory o…

Why XSS is still an XXL issue in 2021

Cross-site scripting (XSS) attacks take advantage of coding flaws in the way websites or web applications generate input from users. Despite their longstanding reputation as a significant infosec problem, XSS attacks have remained a constant of the OWA…

ShiftLeft helps orgs benchmark and validate the accuracy of ShiftLeft CORE using OWASP Benchmark

ShiftLeft has released a tool enabling businesses to independently benchmark and validate the accuracy of ShiftLeft CORE using the Open Web Application Security Project (OWASP) Benchmark Project, a Java test suite designed to evaluate the accuracy of v…