DevOps has not yet become DevSecOps, leaving DevOps unsecured. Everyone speaks of it, but very few organizations have mastered it. This begs the question, why is adoption so low?
On August 15th, 2021, Vice reported that a hacker had breached multiple T-Mobile servers, affecting between 50 and 100 million US customers.
Organizations need to develop and deliver secure applications fast.
Going back a decade, credit reporting giant Experian has been the target of several major leaks and breaches.
Nearly every day, WhiteHat’s team of security researchers and executives are tapped to share their perspective and expertise with those reporting on the most high-profile cybersecurity issues that are continually shaping the industry’s landscape.
In January of this year, Ubiquiti notified its customers that there had been a breach affecting part of their IT stack that was “hosted by a third-party cloud provider”.
Each month, the AppSec Stats Flash reflects on the evolving threat landscape, tracks key AppSec metrics on an ongoing basis and brings forward key actionable takeaways for security and development teams who are responsible for the applications that run their business.
According to Postman, the development and adoption of APIs continues to skyrocket due to shifts in consumer, architecture and infrastructure trends.
It has been a little over three months since the SolarWinds Supply-Chain Attack was first discovered, but the full impact of this historic breach is still being revealed. Governments and corporations around the globe have been impacted by this attack, even those who are not clients of SolarWinds have been impacted by this attack.
Beneath the cynicism, hyperbole, market-making and FUD; the strategic importance of AI in Cybersecurity is only constrained by us ‘meatbags’.
This decade has seen an unprecedented number of connected systems and devices, automated delivery systems and increased mobile device usage in the healthcare industry.
A collaborative effort between government and industry, National Cybersecurity Awareness Month (NCSAM) is observed every October in an effort to raise awareness about the importance of cybersecurity and to ensure that all Americans have the resources they need to stay safer and more secure online.
Server-side request forgery (SSRF) has been in the news recently for causing mainstream data breaches impacting hundreds of millions of consumers.
There have been a few high-profile breaches in the news lately related to Magecart, including British Airways, Ticketmaster, and Feedify. For those who don’t know, Magecart is a hacker group whose modus operandi involves skimming credit card details with code tailored to the sites they infect ...
Angular Frameworks on a TypeScript back end: Security improvements for API calls with a warning
Learn about new self-service features: Associated Host Names & BLA Scheduling.
Our static code analysis colleagues over at RIPS Technology have a good write-up about a recent chain of vulnerabilities they discovered in an open-source application named LimeSurvey.
As more and more organizations are embracing agile, fast waterfall, DevOps methodologies, a key cultural shift is happening towards bringing security closer to developers.
Software Composition Analysis (SCA) allows you to identify third-party and open source components that have been integrated into all your applications.
Using "HREF with Target" can have exploits and weaknesses - learn best practices from secure coding experts on preventive measures.
Week four of National Cyber Security Awareness Month is focused around a career in cyber security.
Week three of National Cyber Security Awareness Month is focused around connected devices.
As the news unfolds on Equifax and the latest and greatest of the Apache Struts hacks, a co-worker and I were talking about it amongst ourselves. “Why would someone leave a critical vulnerability unpatched for months?”, my co-worker asked in puzzled tones.
Our aim in creating the Learning Labs is to help everyone – developers, security practitioners, and executives - understand the risks in all applications, help IT staff understand how application security fits into their wider security ecosystem, and help teach developers how to write more secure code to make business safer for customers.
I saw another meme go by on Facebook. This one challenged everyone’s memory to name all their Elementary School teachers. And I had more than ten friends participate, which resulted in me yelling at my computer screen again.
Network-connected Internet of Things (IoT) are growing in popularity in homes and businesses, from smart cities and buildings to cars and medical devices. Attempts to subvert or compromise critical functions in organizations due to insecure IoT devices and applications are on the rise and in the news.
In the first webinar Introduction to Application Security for Developers, WhiteHat geared towards training and certifying developers to be secure coders.
Kate and I created a webinar together describing her penetration test methodology and results, followed by my description of how Sentinel’s Dynamic scanning and Sentinel Source analysis would identify this vulnerability, as well as best practices in application security coding to avoid it.