More Details on the NIST SP800-53 Revision 5 Finalized Security and Privacy Framework

Now that SP800-53 Revision 5 has been released in its final form, those with systems in the federal government and those enterprises that work with the federal government may be wondering when they need to be in compliance with the new security framewo…

Still Looking For RASP Resources? SANS Has A RASP Report

It turns out the SANS Institute created a report titled, “Runtime Application Self-Protection (RASP), Investigation of the Effectiveness of a RASP Solution in Protecting Known Vulnerable Target Applications” in April of 2019, and covers a lot of useful…

Travel Giants Fail to Secure Websites, Despite High Profile Breaches

A new investigation by Which? has found hundreds of data security vulnerabilities on the websites of 98 travel companies including significant problems at Marriott, British Airways and EasyJet, which were in the top 5 companies with the most discovered…

NIST SP 800-53 Revision 5 Released – Next Generation Security and Privacy Controls

Draft 5 of SP 800-53 closed its comment period back in May, and was just released as SP 800-53 Revision 5 on September 23, 2020 in its final form.

NIST SP 800-53 Gets One Step Closer to Becoming a Standard

Draft 5 of SP 800-53 closed its comment period back in May, and SP 800-53B was released shortly afterwards in July of 2020, and opened its comment period, which just closed on September 11, 2020, moving it one step closer to becoming a standard.

The Inside-Out Application Security Opportunity with RASP

Digital transformation projects demand that developers continually roll out new applications to fuel those efforts. These new applications and APIs can surface sensitive data and must be protected in production: RASP (runtime application self protectio…

Contrast Labs: Apache Struts CVE-2019-0230 and How to Block Attacks

On August 13, 2020, Apache published a security bulletin that addressed a couple of application vulnerabilities in Struts 2, which included CVE-2019-0230. At the same time, proof-of-concept (POC) exploit code was released on GitHub. CVE-2019-0230 is a …

State-of-the-Art AppSec Goes Beyond Perimeter Into Application Runtimes

When it comes to protecting running applications, traditional defenses that sit on the perimeter lack effective visibility and context to keep pace with attacks. Simply guessing as to the validity of a threat is not enough. This blog spells out five ke…

Emerging from the Tool Swamp to a Unified AppSec Platform

Traditional approaches to application security (AppSec) rely on a patchwork of disconnected tools and processes that add high levels of friction to the modern software development life cycle (SDLC). A unified AppSec platform provides continuous and com…

The 2020 Cyberthreat Defense Report: Simplify Security with Unified Tools and Monitoring

The CyberEdge Group’s recently released 2020 Cyberthreat Defense Report (CDR) details findings based on a survey of 1200 security IT professionals from around the globe. Although multiple key takeaways emerged from analyzing their perceptions and…