IAST
Can Your IAST Do This?
While Interactive Application Security Testing (IAST) is still a relatively new technology from the perspective of adoption, it has been around for over 10 years and some of the aspects and capabilities around IAST are well understood, such as ...
Experts Say Cyber Attacks Are Getting Worse
A new article on WNEP is reporting on experts who claim that cyber attacks are getting worse. Not surprising at the top of the list is ransomware attacks., which have made headlines, ...
Mitre Top 25 Software Weaknesses
In addition to OWASP finally updating the Top 10 Web Application Risks, this year Mitre also updated their Top 25 Most Dangerous Software Bugs, also known as the CWE Top 25. One ...
NIST SP800-53 Revision 5, One Year Later
It will be one year since NIST released their final version of SP800-53 Revision 5 on September 23, 2020. As a quick reminder SP800-53 is the document issued by NIST that specifies ...
OWASP Working Group Releases Draft of Top 10 Web Application Risks for 2021
The Open Web Application Security Project (OWASP) has released its draft Top 10 Web Application Security Risks 2021 list with a number of changes from the 2017 list (the last time the list ...
Traditional Application Security Tools Ineffective Against New And Growing Threats
A new article in Help Net Security covers some interesting new statistics that reflect the inability of current security tools to protect organizations against attacks happening on web applications. The article shares ...
Why WAFs Don’t Work According to a Hacker
A new article in SDXcentral talks about why WAFs (Web Application Firewalls) are insufficient protection according to a hacker. The topic of WAFs isn't new to K2 and we've covered their failures ...
Identify Critical Security Vulnerabilities With IAST
Vulnerabilities in production code continue to increase, including vulnerabilities in open source codebases. According to a recent report from Synopsys, the number of open source vulnerabilities increased over the past year to ...
IAST, IaC, Secrets: A Guide to App Sec Tools
Image by S. Hermann & F. Richter from PixabayWe covered several acronyms common in application security in a previous post: SAST, DAST, and SCA. We’ll continue our discussion on AppSec concepts today by ...
Too Many Vulnerability Reports? Not Enough Real Vulnerabilities?
One of the most common issues with security testing of applications is being inundated with vulnerability reports, containing too many vulnerabilities for a typical development team to handle. This includes reports from ...