Collaborate Disseminate
Given the fact that I have a WAF already deployed, what is the benefit I could get by purchasing a SAST tool that would scan the engineers’ code for security flaws?
Does this also apply for SCA tools where they can alert in … Continue reading SAST vs WAF: What should I choose?
Were working towards implementing a SDLC for a company and as in any complex environment there are differences of opinion for the new process. Some of the developers want to make use of one directory others want to use anothe… Continue reading Security implications of source code location
We’re delighted to announce a Netsparker Enterprise update. The highlights in this update are auto update support for scanner agents, an improved Manage Agents page, a new API endpoints for managing issues, and a new Manage Issues (Restricted) permissi… Continue reading June 2019 Update for Netsparker Enterprise
Application security is crucial right from the early stages of web application development. Developers and other team members involved in the product design stage should at least be aware of the need for web application security. However, recent studie… Continue reading Application Security is Vital Throughout SDLC
How many times have you read marketing propaganda for information security products that includes slogans that sound like the following?
“Find out what’s lurking inside your system.”[1]
“With network security, if you’re n… Continue reading Cyber Security FUD – Fear and the Growth of the InfoSec Industry
I have been asked to perform risk assessment for a company. The scope covers about 100 applications and in various business units. Major task is to assess currently implemented security controls and provided recommendations a… Continue reading Security Testing Methods for Enterprise Level
Basketball legend Michael Jordan once said, “Talent wins games, but teamwork and intelligence win championships.” When it comes to something as important as your company’s security, you can’t afford to rely on anything less than… Continue reading 9 Key Players for a Winning Security Team
I develop applications on my local computer that I later deploy to a TLS production server. Should I develop with TLS on or off?
Ferruh Mavituna, Founder and CEO of Netsparker, was interviewed by Paul Asadoorian and host Larry Pesce for Paul’s Security Weekly #557, with Jeff Man joining them via Skype. They talked about the role of dynamic web application testing (DAST) within t… Continue reading Ferruh Mavituna Talks About Security in the SDLC on Paul’s Security Weekly Podcast
I know results from Static Application Security Testing (SAST) can be false positives or real and it is up to the security analyst and developer to decide which vulnerability is real based on the scenario and context.