OWASP Updates the Top 10 Web Application Security Risks
OWASP Top Ten updates: what changed?
The Open Web Application Security Project, or OWASP, is a non-profit organization dedicated to improving software security. They offer various services to help developers improve, including tools, social events, and educational resources. They also offer ...
Pegasus — The Humanitarian Costs of Insecure Code
A look at the nature and effects of legal, advanced spyware on application security
Typically, stories about cyber attacks grab the reader’s attention by describing the damage inflicted on a company in large dollar amounts. While multimillion-dollar ransomware demands are shocking, they can ...
Add Security, Not Headaches, to the SDLC
How to integrate security into the SDLC successfully
The world has an insecure software problem, which is why 84% of cyber attacks focus on the application layer. Two major factors have contributed to the writing of insecure code: cumbersome security analysis tools and a strong drive to reach the market quickly. For ...
Addressing Security and Compliance Risk in the SDLC
We review the different compliance standards that apply to the software development life cycle (SDLC) along with best practices for meeting them.
It’s no surprise that developers are being asked to become security people. According to the 2021 Verizon Data Breach Investigations Report, basic web application attacks were ...
The Cybersecurity Executive Order: the first 120 days
How has cybersecurity changed in the four months since the White House mandate, and where are we going?
When the Executive Order on Improving the Nation’s Cybersecurity (the Executive Order) was released in May 2021, it came with some very short deadlines for agencies. Most of the Executive ...
Securing The Future Through Stronger SAST
To prevent cyberattacks, we need to focus on application security
Cyber attacks overwhelmingly occur at the application layer, yet the vast majority of IT security spending goes elsewhere. However, AppSec is not neglected because businesses are unwilling to address cybersecurity issues. In fact, the cybersecurity industry is poised to rake in ...
How Faulty Software Development Allows Ransomware to Thrive
And how to prevent ransomware attacks
Ransomware is making headlines in 2021 due to a string of successful attacks against high-profile targets. Ransomware is not a new threat, but the technology and tactics behind recent attacks are exposing organizations to new dangers. For example, traditional ransomware attacks simply encrypted the ...
What is a false positive and why is having a few around a good sign?
Why false positives in security tools could be a positive, and why you should not go after the lowest false positive rates possible.
“We want a security tool with low false positives. Our developers are too busy.” “Our proof-of-concept process is to test a single repo with two tools, and we pick the ...
Threat Actors Focus on the Application Layer, Do You?
How application security affects you
Philosopher Henry David Thoreau famously said, “There are a thousand hacking at the branches of evil to one who is striking at the root.” While this quote is not about the current state of cybersecurity, it certainly applies. Organizations worldwide spent approximately $123 billion (USD) on IT ...
5 Steps to improving your Secure Scorecard
Improve the security of your software development pipeline by following these five simple steps
The Secure Scorecard project, established by the Open Source Security Foundation (OpenSSF), sets out a series of eighteen “checks” to run against projects. These checks review open-source projects for various security controls. The checks ...