SQL Injection, XSS, and RCE Top List of Vulnerabilities in Internet-facing Applications

A new report on the top vulnerabilities in internet-facing applications in 2020 was released recently by Edgescan, and found that 42% of the vulnerabilities found in these apps are SQL Injection ...

OWASP Top 10 Overview

OWASP is a very cool community dedicated to helping organizations build software that can be trusted. It came online in 2001 and was established as a non-profit in April of 2004. Its ...

Using a Software Bill of Materials (SBOM) is Going Mainstream

I read a couple of advisories by Caleb Queern of KPMG entitled, What Are SBOMs?, and, Which Teams In My Organization Can Help Reduce Risk Using SBOM’s? These articles bring a smile ...
Professionally Evil Fundamentals: What is OWASP

Using Components with Known Vulnerabilities

When an organization has a breach, you would like to imagine that the attacker crafted a new exploit, leveraging a zero-day vulnerability that no one has any protection against. However, it is ...
Combating the Continuous Development of Vulnerable Software

Most people in our industry know what the acronym CVE means. For those that may not, CVE stands for Common Vulnerabilities and Exposures. According to their website, CVE was launched in 1999 ...
WhiteHat

New OWASP List Highlights API Security Holes

OWASP this month released a top ten list focused on application programming interfaces (APIs). The list summarizes the new vectors that attackers use today to breach APIs, and is intended to serve ...
Security Boulevard

The Three R’s of Software Supply Chains: Reject, Replace, and Respond

A great article from 2016 came up in a recent conversation. This article has come up a few times in my conversations about DevSecOps since it was first published. Justin Smith’s The ...
Integrate SAST Tools with DevSecOps

5 Steps to Integrate SAST Tools with DevSecOps

Static application security testing, or SAST, is the process of testing source code to find security defects or vulnerabilities in the code. In the application security assurance program, SAST ...
Security Boulevard