application
A Pentester’s Guide to Input Validation
Input Validation is a fundamental concept of penetration testing. This guide is written for new pentesters and developers looking to bolster these core skills. The post A Pentester’s Guide to Input Validation ...
Thales to Buy Imperva for $3.6 Billion in Latest Cybersecurity Deal
French multinational Thales, whose broad reach extends into such areas as defense, aerospace and transportation, is continuing a multi-year spending spree in cybersecurity with plans to buy U.S. data and application security ...
Accurate, Useful Risk Scoring Demands Business Risk Observability
Delivering exceptional, secure application experiences means application development and security teams need visibility into the entire IT estate and ruthless prioritization. Detecting vulnerabilities is not enough. They need to see which vulnerabilities ...
Apple Suit Underscores Privacy Regulation Pressure
A lawsuit recently filed against Apple for violating the California Invasion of Privacy Act underscores not only that regulators are serious about holding companies to privacy strictures but also that companies that ...
Sandbreak vm2 Flaw is a 10 But Exposes Vulnerability of Sandboxes
As vulnerabilities go, the Sandbreak vm2 flaw is as potentially as severe as it gets, snagging a 10.0 CVSS score. The bug, CVE-2022-36067, should be immediately patched if it’s used with applications, ...
API Penetration Testing Explained
API pentesting is a frequently misunderstood area of application security. Let's review core concepts of API pentesting and look at how these assessments are performed. The post API Penetration Testing Explained appeared ...
Safeguarding Memory in Higher-Level Programming Languages
Consider an application written in a higher-level language like Python, NodeJS, or C#. This application must handle sensitive data such as banking credentials, credit card data, health information, or network passwords. The ...
Getting Application Security Back on the Rails
In its Interagency Report 7695, the National Institute of Standards and Technology (NIST) defined an application as “a system for collecting, saving, processing, and presenting data by means of a computer.” This ...
HIPAA Penetration Testing – A Primer for Healthcare Security
Curious about what HIPAA requirements mean for your pentest? Let's review some technical examples of why pentesting in healthcare is so unique. The post HIPAA Penetration Testing – A Primer for Healthcare ...
Black Box vs. Gray Box vs. White Box Pentesting Explained
Black Box, Gray Box, and White Box pentests have pros and cons. Here we lay out all the differences to help you decide which one fits best. The post Black Box vs ...