Web Security Zone
7 steps to avoid uncoordinated vulnerability disclosure
Imagine the following situation. You work as a cybersecurity manager for a company that owns the website www.example.com. One day, your sales department receives an email from an unknown individual. The sales ...
Red teaming – 5 tips on how to do it safely
Red team vs blue team exercises are a very effective method to evaluate the security posture of your business. However, red teaming, due to its adversarial approach, carries certain risks that must ...
Considerations for web application remediation testing
It seems that most application security discussions revolve around initial vulnerability scanning and penetration testing. You’ve got to start somewhere. The thing is, many people often stop at that point. Vulnerabilities are ...
Four ways to combat the cybersecurity skills gap
The lack of cybersecurity talent is nothing new. It’s a problem that all businesses have been facing for several years and it’s getting worse. There have been many proposals on how to ...
Four ways AppSec analytics help your DevSecOps pros work smarter, not harder
What’s in a number? For DevSecOps professionals, the answer is “a lot.” Analytics in application security (AppSec) hold immense power, helping teams decide where to focus their priorities and pick up on ...
Invicti’s Spring 2022 AppSec Indicator highlights unrelenting direct-impact flaws
The spring 2022 edition of the Invicti AppSec Indicator has arrived hot off the presses, and it underscores some alarming trends for severe web vulnerabilities. The data shows that direct-impact flaws are ...
Critical alert – Spring4Shell RCE (CVE-2022-22965 in Spring)
On March 31, 2022, a serious zero-day vulnerability was discovered in the Spring framework core, which is an open-source framework for building enterprise Java applications. The vulnerability, dubbed Spring4Shell (similar to Log4Shell) ...
How often should you test your critical web applications?
When it comes to web application security, the concern is not whether you should test but, rather, how often you should test. Many people scan for web vulnerabilities using dedicated vulnerability scanners ...
Trends that underscore the seriousness of the cybersecurity skill gap
It is no secret that there’s a glaring skills gap in cybersecurity. Learn more about the trends impacting AppSec success and the steps that can help bridge gaps in DevSecOps workflows. Under ...
DevSecOps vs. SecDevOps
DevSecOps is a relatively new approach to continuous software development processes in agile environments. It is an extension of DevOps (Development + Operations) that includes the automation of security. The order of component terms ...