DAST vs. SAST: Fact check on static and dynamic application security testing

Getting lost in the AppSec acronyms and vendor claims? Here’s a quick guide to what the major web application security testing technologies can and cannot do – and why you should be ...
Which Application Security Testing Type to Deploy First?

Over 50% of all data breaches originated from vulnerabilities in the application layer over the past several years. From remote code execution to SQL injections, attackers leverage known methods to exploit application vulnerabilities. The post ...
What is fuzz testing? What is it used to test for?

Fuzz testing, commonly known as fuzzing, is a software testing technique that feeds malformed or random data (fuzz) into a software system to uncover coding errors and security issues. Fuzz testing ...
Identify Critical Security Vulnerabilities With IAST

Vulnerabilities in production code continue to increase, including vulnerabilities in open source codebases. According to a recent report from Synopsys, the number of open source vulnerabilities increased over the past year to ...
What to Include in Your Security Testing Provider’s Agreement?

Security testing is a vital part of not just compliance but overall website/web application security. Regardless of the type of website security testing and the service provider chosen for. The post ...
What is the ROI of Checkmarx Application Security Testing (AST)?

When it comes to IT security initiatives, many enterprises struggle to quantify business value and return on investment (ROI), often viewing their security spend solely as an insurance expense – a must-have ...
Preventing Developer Burnout in the Age of Rapid Software Delivery

“Burnout” happens across all jobs and industries, especially tech. However, developers have always been particularly at-risk of falling victim to burning out, and the COVID-19 pandemic, and the resulting digital shift driven ...
Application Security: Turbulence Often Leads to Transformation

Most security and risk (S&R) professionals in our industry have heard of Top 10 Lists. For example, OWASP and their community of contributors have expanded their Top 10 security projects to include ...
On the Road to DevSecOps: Security and Privacy Controls per NIST SP 800-53

This past March, the National Institute of Standards and Technology (NIST) released the NIST Special Publication 800-53, Revision 5, which was their final public draft revision. According to the abstract, “This publication ...
Integrating Checkmarx Security Results within GitLab

The automation and integration of Application Security Testing (AST) is essential for building out a true DevSecOps program. Automation is the easy part. Invoke a security scanner’s REST API or a command ...