8 AppSec Metrics You Should Be Monitoring
We take a look at 3 important AppSec tools and 8 metrics you should track over time. What is not monitored is not measured. Application Security today is an increasingly data-driven practice that benchmarks success on measurable improvements in code quality and code security. But which metrics are ...
5 Application Security Standards You Should Know
Here is your compliance shortlist (yay!). It shouldn’t be surprising that application security has become more important over the last few years. As part of the move to the cloud, applications have become the foundation of business operations. Today, more companies use more applications to do more ...
Key Considerations When Choosing a SAST
We take a look at 11 key criteria when choosing a static analysis tool for modern code. For companies writing and maintaining software at scale today, SAST (Static Application Security Testing) has become an essential tool for increasing code security and reducing cyber risk. First-party code remains a ...
Finding “Attackable” Open Source Vulnerabilities in JavaScript
Finding attackable open source vulnerabilities in JS applications with an intelligent SCA approach. Open Source Software (OSS) is at the core of today’s information technology. About 80% of companies run their operations on OSS and 96% of applications are built using open source components. Most of today’s commercial products are shipped with ...
Five Useful Tips for Securing Java Apps
A look at Java security and how to improve it. Java was originally designed with security in mind, which makes its present-day reputation for being insecure unfortunate. Yet it is probably inevitable that the flaws of a twenty-five-year-old language would be discovered and exploited. Especially with a language ...
Keeping the wrench out of the gears: 5 tips for achieving compliance in the era of DevSecOps
We answer some common questions about compliance and provide tips for making it work for high-performing Dev teams. More often than not, when people hear the word “compliance” they assume it will be a roadblock to speed. For DevOps teams, reduced speed and productivity undermine their goals. At ...
Getting to Know Compliance in Software Development
A developer’s introduction to compliance standards like PCI-DSS, HIPAA, and GDPR. As data breaches increase in frequency and scope, more governmental entities focus on using the stick rather than the carrot to prevent them. Compliance standards and regulations set baseline, minimum security controls that establish basic cyber hygiene ...
Does Your Health App Meet HIPAA Compliance Requirements?
Healthcare providers increasingly use mobile apps and web applications as part of the move to telemedicine. As of July 2021, analyst McKinsey noted that telehealth utilization had stabilized at levels 38 times higher than before the COVID pandemic. Additionally, McKinsey pointed out that investment in virtual ...
Ten Ways OWASP Improves AppSec
Top ten OWASP resources that improve your application security. Employee cybersecurity training is ranked as one of the top three categories where many companies are increasing security spending. This demand for better training highlights the incredible value offered by OWASP, the Open Web Application Security Project. OWASP is a non-profit organization ...
HIPAA Compliance for Healthcare Apps
What Application Developers Need to Know About HIPAA Compliance. Increasingly, patients want to access their healthcare information using mobile applications or web applications. Instead of calling a doctor’s office, they want instant access to their records. According to the Office of the National Health Coordinator for Health ...

