The Preventative, Developer-Driven Approach to Software Security
The focus on automation, tooling and reactive responses to cyber threats can no longer stand alone against an increasingly sophisticated threat landscape, where attackers are also employing advanced tools to successfully breach even the most protected networks and systems. What ... Read more
Future Frontiers: Why Developers Need to Go Beyond the OWASP Top 10 for Secure Coding Mastery
In 2021, we usher in a new era for the fabled OWASP Top 10. This latest release reveals some significant shake-ups, with Injection flaws finally being toppled from the top spot in favor of Broken Access Control vulnerabilities. Brand new ... Read more
OWASP Top 10 API: Strategies for Smart Developers
Threats to cybersecurity these days are ubiquitous and relentless. It’s become so bad that trying to keep up with them after programs are deployed has become almost impossible. However, in this age of DevSecOps, continuous delivery, and more data paydirt ... Read more
Application Security: The Best/Worst Is Yet to Come
In the wake of recent high-profile breaches, all eyes are on application security. Yet, application security hasn’t always received the attention during the application development process it deserves. Many organizations deploy applications with known vulnerabilities to meet their deadlines, with ... Read more
Adopting a Strategic Mindset for Cloud-Native Application Protection
With more applications being developed in a cloud-native fashion, using containers and serverless architecture, organizations should think about smarter, more efficient and more reliable ways to protect their applications. Cyberattackers are more innovative and are achieving more success in compromising ... Read more
Identity: The Real Key to Security
Identity and access management (IAM) has long been touted as an effective way to ensure data security by providing access only to those who have the correct permissions. In today’s increasingly distributed IT environment, more organizations look for zero-trust computing ... Read more
The Cloud Has Evolved. Are Your Security Tools Keeping Pace?
Organizations that purchased early cloud security products are finding that those tools are not able to keep up with dynamic environments ruled by APIs and microservices in dynamic containerized environments, not to mention server instances that are constantly scaling up and down. The future of cloud security demands an automated ... Read more
Lacework
Cisco Tetration: Securing All Phases of the Hybrid Cloud Journey
Tetration is a solution that offers many unique capabilities that are particularly well suited to help enterprises at all phases of hybrid cloud transformation, regardless of whether that journey is just beginning with a few virtual workloads or a small public cloud deployment or encompasses a vast, global data center ... Read more
Cisco
Enterprise SSL Solutions: A Buyers Guide
Having SSL certificates, or what are now officially known as TLS certificates, has always been a requirement for corporate IT organizations. Certificates encrypt data as it is being transferred between servers and web-facing browsers as well as protect data as it moves between servers. Certificates also play a critical role ... Read more
Sectigo
How the New COVID-19 Normal Will Accelerate the Shift from Tokens to Digital Certificates
Among the most common methods employed to verify identity are hard and soft tokens. Hard tokens most often take the form of a USB “dongle” or a magnetic swipe card embedded in a badge used to access everything from a local office to a data center containing millions of dollars ... Read more
Sectigo
Managing the AppSec Toolstack
The best cybersecurity defense is always applied in layers—if one line of defense fails, the next should be able to thwart an attack, and so on. Now that DevOps teams are taking more responsibility for application security by embracing DevSecOps processes, that same philosophy applies to security controls. The challenge ... Read more
Security Boulevard
Candid Cliff Notes: How to Select the Right Pentest
In today’s IT environment, one of the biggest risks to a corporation’s valuation is a security breach. But how does a security team apply their budget in a way that ensures the applications, websites, and other assets are secure? Security Vendors make wide claims about the effectiveness of their products—making ... Read more
Synack
From Monolithic to Modern: The Imperative for Flexible Web App and API Protection Everywhere
Seismic shifts in software development are driving the need for a new breed of flexible security solutions. Legacy web application firewalls (WAF) predate the growth of cloud-native apps and daily release cycles. Modern applications require scalable security, meaning effective defenses that operate where applications are deployed. A comprehensive web app ... Read more
Signal Sciences
Pentest as a Service Impact Report 2020
The goal of this study by Rain Capital’s Dr. Chenxi Wang is to understand the specific benefits and challenges of deploying a Pentest as a Service (PtaaS) solution in a modern software development environment, as well as to compare the SaaS model with traditional, legacy pentest services. The report also examines the impact ... Read more
Cobalt
A Comprehensive Guide to Building a Pentest Program
This guide outlines the best way to build a formal pentesting program to ensure continuous security coverage, using a Pentest as a Service (PtaaS) approach. By planning these programs annually, security leaders can ensure full coverage of assets and identify the depth of coverage needed for each ... Read more
Cobalt
Tackling the 3 Biggest API Security Challenges in Real-World Deployments
In today’s world of digital transformation and DevOps growth, APIs have become increasingly important to innovation and business agility. They also stand at the nexus of many new security threats. The good news is that organizations are growing increasingly aware about the dangers of API threats and are taking action ... Read more
Salt Security
