Chief information security officers (CISOs) set the tone for establishing a security-conscious business environment. They are responsible for ensuring that the security professionals under them stay aware of the most common vulnerabilities hackers try to expl...
The CWE/SANS Top 25 is a list of the most dangerous common software errors that can leave your application vulnerable to bad actors. It’s put together by MITRE and the SANS Institute as part of the Common Weakness Enumeration (CWE) project. The list can help ...
Today’s app development processes are not complete without security integration. Security standards provide safeguards for companies to secure their apps and software from cybersecurity threats. NIST, OWASP, WASC, SEI CERT C and J, CWE, and BIZEC are part of ...
The challenge of cybersecurity continues to plague web and mobile applications. Hacking techniques are evolving as fast as technological advances. In response to such threats, the International Standardization Organization (ISO) developed the ISO 27001 framew...
Almost all modern software contains at least some open-source components. Open-source software simplifies the development process and speeds up the software development timeline. It’s also cost-effective in most instances because it’s free to use. However, op...
As a company’s applications and digital infrastructure grow in complexity, it will need a more methodological approach to management to maintain back-end functionality. Companies can benefit from visualizing their application architecture and its dependencies...
Once every few years, OWASP releases a Top 10 list, featuring the ten most significant security risks related to developing web applications. OWASP makes this information available to developers around the world, so they can design and deploy safer technologi...
Welcome to the final article in our blog series on the OWASP Top 10 Security Vulnerabilities. In this article, we’ll take a detailed look at OWASP Top 10 2017 A10 – Insufficient Logging & Monitoring. Audit Trail Vulnerabilities: Insufficient Logging and M...
In 2017, OWASP added a new vulnerability to the Top 10 list: A8 Insecure Deserialization, in place of the previous #8 vulnerability, Cross-Site Request Forgery. According to OWASP, “Insecure deserialization often leads to remote code execution. Even...
What is Access Control? Access control (authorization) determines which users can interact with what systems and resources within your company. When access control is broken, users could send unauthorized requests to your applications. Unauthorized access to ...
Today’s security professionals face a relentless barrage of alerts, a widening cybersecurity skills gap, and the constant pressure to do more with less. Manually triaging alerts, investigating incidents, and coordinating responses across disparate secur...
Common Weakness Enumeration (CWE) is a software and hardware weaknesses classification system. It’s an extension of the Common Vulnerabilities and Exposures (CVE) list compiled by MITRE. This federally funded, non-profit organization manages research and deve...
App and software breaches can have lasting consequences. They also aren’t going anywhere. Finding vulnerabilities in your app and code early is critical. Maintaining strong security practices during and after development is essential to protecting your business.
