Computer Science
XKCD ‘Assigning Numbers’
via the comic artistry and dry wit of Randall Munroe, resident at XKCD! ...
8 AppSec Metrics You Should Be Monitoring
We take a look at 3 important AppSec tools and 8 metrics you should track over time. What is not monitored is not measured. Application Security today is an increasingly ...
Modern AppSec Tools Must Focus on Reducing Attackability, Not Chasing Bugs
Developers need findings with higher context, not additional findings, in order to make applications secure in today’s environment. For too long, application security vendors have been focused on finding ...
Pegasus — The Humanitarian Costs of Insecure Code
A look at the nature and effects of legal, advanced spyware on application security. Typically, stories about cyber attacks grab the reader’s attention by describing ...
What a False Negative is and why it should be your primary criteria for a SAST tool
In our earlier post, we discussed False Positives and why having some of them is a good thing for your teams. This blog is about a term that ...
Customer Driven RBAC
This article will explore our journey toward implementing customer-oriented, role-based access control to ShiftLeft CORE. Some background: ShiftLeft is a very opinionated service when it comes to our core. We ...
CWE-79
CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’). CWE-79, otherwise known as cross-site scripting (XSS) attacks, refers to a vulnerability that compromises end-users’ interactions with an ...
5 Trends in Computer Science Research
We are in the digital age where our lives depend on the internet of things. A career in computer science attracts the highest starting points in salaries. Career opportunities are numerous and ...
How to Prevent Supply Chain Attacks by Securing DevOps
Best practices for securing the software supply chain. In the wake of several highly publicized supply chain attacks, regulatory and media focus is shifting to address third-party software risk. The ...