Learn How You Can Get a Running Start with DevSecOps

DevOps is an evolving philosophy, and now is the time–just as you start embracing DevOps in your organization–to start building security into both your DevOps philosophy and processes. DevOps philosophy started with the core principles of W. Edwards Deming’s points on Quality Management, binding the development of services and their ...
Shifting to DevSecOps, with Software Security Testing Built In

Many organizations today are in the process of transitioning to a DevOps-centric approach, but don’t want to leave security behind. In order to build security in from the beginning of their software development process, it’s essential to enhance your security posture by integrating application security testing solutions into the software ...
Software Security Predictions: What to Watch for in 2019

Security breaches regularly made headlines this year, while advancements in DevOps, application security testing tools, artificial intelligence, machine learning, cloud adoption, and the Internet of Things race forward. 2019 promises to be another busy year in technology and digital transformation, but what will that look like for software security? Here ...
AppSec Is Dead, but Software Security Is Alive & Well

Everyone agrees that an enterprise’s application ecosystem must be protected, especially when data breaches are reported with alarming frequency and the average total cost of a breach comes in at $3.62 million. However, defeating increasingly severe threats requires a holistic approach to security, one that places an emphasis on managing ...
Apache Struts, RCEs, and the Equifax Breach Anniversary

We just passed the one-year anniversary of Equifax’s announcement of their massive data breach due to an exploit of an Apache Struts vulnerability (CVE-2017-5638) – and incidentally, at nearly the same time that Apache announced another critical Apache Struts security flaw. The latest Apache Struts vulnerability, CVE-2018-11776, was published ...
Don’t Look Away, Peekaboo Vulnerability May Allow Hackers to Play the Long Game

The newly named Peekaboo vulnerability is a zero-day flaw in China-based Nuuo’s video recorder technology. The flaw in NVRMini2, a network-attached storage device, has remained unfixed in the three months since the vendor was alerted. This vulnerability put internet-connected CCTV cameras at risk, a grave concern for organizations using the service ...
GovPayNow Breach Demonstrates Long & Short Term Impacts of Security Slips

On Tuesday, security researcher Brian Krebs announced an issue with a service offered by Government Payment Service Inc. called GovPayNow. This service is used by U.S. state and local governments across 35 states, and it looks like it exposed 14 million customer records online. Whose records did they have, and ...