Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Learning from cloud transformation as we move to AI

Development teams of all sizes are embracing the excitement and possibility of using AI tools to build software. Coding assistants like Google Gemini and Github Copilot have the potential to accelerate development like never before, and developers are adopting these tools — whether or not leadership has officially approved them. As your team considers the best ways to adopt this new technology, this transition might feel like déjà vu.

How to secure Python Flask applications

Flask is a powerful, lightweight, and versatile web framework for Python, that's designed to make it easy for developers to develop web applications quickly with minimal boilerplate code. It's a stand-alone microframework that doesn't need any additional libraries or tools and has no database abstraction layer.

PTaaS guide | Choosing the right test environment

A major challenge for developing modern applications is ensuring their security. Penetration Testing as a Service (PTaaS) is a cloud-enabled approach that lets you proactively find and fix application vulnerabilities and protect your digital assets. A key step to using a PTaaS solution is selecting the right testing environments. This guide will help you understand the pros and cons of different testing environments, and decide which is best for your organization.

Symmetric vs. asymmetric encryption: Practical Python examples

Symmetric and asymmetric encryption are the two most common ways to protect sensitive data with cryptography. These methods use key(s) to transform an unencrypted message into an encrypted message (a ciphertext) that is extremely difficult to decrypt without the correct key(s). Symmetric encryption uses a single key to encrypt and decrypt data. In contrast, asymmetric encryption uses a pair of keys, a public and private key, to encrypt and decrypt sensitive data.

Cyber Defense Magazine names Forward Networks a Market Leader in Vulnerability Assessment, Remediation and Management at 12th annual Global Infosec Awards

During a very busy RSA Conference, Forward Networks was named a market leader in vulnerability assessment, remediation, and management at the 12th annual Global Infosec Awards hosted by Cyber Defense Magazine. This is the second consecutive year that Forward Networks has taken top honors in security.

NVD Update: More Problems, More Letters, Some Questions Answered

The past week has been a wild ride for those following all the hot goss’ on the National Vulnerability Database. Previously on The Code and the Vulnerable, we reported on the NVD slowdown that began in mid February. Since then, the NVD has been adding new CVEs, but has only enriched (with important information like CVSS and CPE) a very small fraction of them. If you need a breakdown of all these acronyms, definitely check out that first blog on this topic.

AppSec spring cleaning checklist

Something about the springtime sunshine and blooming flowers inspires many of us to start cleaning. For some, it might be tackling the backyard shed that accumulated cobwebs over the winter or that overflowing junk drawer in the corner of the kitchen. As you survey your home and yard and decide where to start cleaning, it’s also a great time to look at your application security program and see if any of your existing processes need some tidying up. Here are a few great places to start.