Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Why Patch Management Is Important and How to Get It Right

Many software developers tend to see patch management as another tedious security task that gets in the way of the development process. However, considering Forresters’s recent State of Application Security Report for 2020 predicted that application vulnerabilities will continue to be the most common external attack method, patch management is a critical part of the vulnerability management process that organizations can’t afford to neglect.

Application Security Testing: Security Scanning Vs. Runtime Protection

The application layer continues to be the most attacked and hardest to defend in the enterprise software stack. With the proliferation of tools aimed at preventing an attack, it’s no wonder the application security testing market is valued at US 4.48 billion. Forrester’s market taxonomy breaks up the application security testing tools market into two main categories: security scanning tools and runtime protection tools.

Our Favorite Web Vulnerability Scanners

Web vulnerability scanners crawl through the pages of web applications to detect security vulnerabilities, malware, and logical flaws. They do this by generating malicious inputs and evaluating an application’s responses. Often referred to as dynamic application security testing (DAST), web vulnerability scanners are a type of black-box testing; they perform functional testing only and don't scan an application’s source code.

License Compatibility: Combining Open Source Licenses

Free and open source software (FOSS) components have become the basic building blocks of our software products, helping today’s developers build and ship innovative products faster than ever before. Many developers tend to forget that while open source licenses are free, they still come with a set of terms and conditions that users must abide by.

Why You Need an Open Source Vulnerability Scanner

No one wants to be the next Equifax. Just thinking about their company’s name being in a headline along with the words “security breach” is enough to keep CISOs up at night. Much like Fight Club, however, the first rule of data breaches is: You do not talk about security breaches...unless you’re mandated by notification laws like GDPR. Even though organizations don’t reveal much publicly, their concern is reflected in the amount of money spent to prevent cyber attacks.

Dynamic Application Security Testing: DAST Basics

Application security testing (AST), which are tools that automate the testing, analyzing, and reporting of security vulnerabilities, is an indispensable part of software development. In a modern DevOps framework where security is shifted left, AST should be thought of as compulsory. And this has never been more important when you consider that Forrester reports the most common external attack method continues to be application weaknesses and software vulnerabilities.

Everything You Wanted to Know About Open Source Attribution Reports

Open source components are a major part of the software products we create and use. Along with the many advantages that using open source projects brings to software development organizations, it also comes with obligations and added responsibilities. One of these requirements is open source licensing compliance.

Interactive Application Security Testing: IAST Basics

Because applications and software vulnerabilities are the most common external point of attack, securing applications is a top priority for most organizations. An essential component for reducing this risk is application security testing (AST). In this blog, we focus on interactive application security testing (IAST), the relative newcomer in the AST market.

When's the Right Time for an Open Source Audit?

How much do you really know about your open source usage? Can you identify what open source components you’re using? How about which licenses are in play and whether you’re compliant? Do you have a good sense of how many open source security vulnerabilities are in your code base and how to remediate them? Chances are, if you’re like most organizations, you can’t answer all of these questions.