Blog

During the current pandemic, cybercriminals are specifically targeting healthcare, pharmaceutical, and medical research organizations working on developing a vaccine for the virus.

Gartner just published its 2020 Magic Quadrant for Application Security Testing (AST), and we’re pleased to be named a Leader! This is the fifth time that WhiteHat has been acknowledged as a Leader in this report.

As 2019 draws to a close and we reflect on our accomplishments and determine how we can improve in the year ahead, it’s become a year-end tradition for us (and extremely valuable) to look back and share the major application security lessons we’ve learned individually as a team.

This decade has seen an unprecedented number of connected systems and devices, automated delivery systems and increased mobile device usage in the healthcare industry.

The RSA Conference (March 4-8, 2019) kicks off today in San Francisco, serving as a timely and important reminder of the criticality of securely building products in an increasingly unsafe digital world.

IT security is a massive concern for many organizations of all shapes and sizes. The consequences of a security failure are often drastic, sometimes terminal. Over recent years, there has been a relentless upward trajectory in spending on IT security, and there are no signs of that trend abating.

Today’s applications touch millions if not billions of people on a daily basis. With virtually every business using applications to grow, they are critical to companies’ success—yet the vulnerabilities and risks associated with them continue to increase exponentially.

With Black Friday and Cyber Monday quickly approaching, the deals have already begun. 2018 is expected to be yet another year for record-setting sales figures, continuing the growth of the holiday from its induction.

Since 2013, WhiteHat Security has provided customers the ability to include a dynamically generated trust mark on their companies’ websites, indicating that WhiteHat manages their sites’ security.

In a representative democracy like the United States, voting is a fundamental right, privilege and civic duty. The infrastructure of our electoral process is critical to governing in the U.S., and election security should be of the utmost importance. But is it easy to hack an election?

As discussed last week, many states are failing to take appropriate responsibility - not only to ensure that our voting machines work, but that they’re secure. Is there hope that we can still encourage a change before November? As with anything else, change is often difficult and time consuming.

Facebook announced this morning that between 50 and 90 million accounts have been breached due to unnamed hackers stealing the access tokens of other users ...

As Vulnerability Management systems move from CVSS v2 to v3, WhiteHat scoring keeps up.

Bank Websites and insufficient process validation – A recipe for Fraud

Angular Frameworks on a TypeScript back end: Security improvements for API calls with a warning

As web applications become more complex due to the use of various technologies, so will the attack surface of the applications that implement these technologies. Applications that utilize JSON to populate application content are just one example.

The news was just released that a massive breach hit Uber in October of 2016. The personal information of 57 million Uber users and 7 million Uber drivers were stolen, including names, email addresses and phone numbers.

The WhiteHat Sentinel Application Programming Interface (API) can help you out. Whether you’re looking to bring information into your own ticketing system, a SIEM, a new set of developer tools, or even a home-grown environment, we hope you’ll find pointers to the documentation which will help make it easy.

The CopyCat malware exploits some known vulnerabilities in older versions of Android which allows an attacker to root the victim’s phone. It then can install applications and will hijack ads from your phone, effectively paying the attacker each time an ad pops up.

I saw another meme go by on Facebook. This one challenged everyone’s memory to name all their Elementary School teachers. And I had more than ten friends participate, which resulted in me yelling at my computer screen again.

This Top 10 list is for you — developers and software engineers — designing mobile apps today.

Every step has led me to where I am today, leading the Sales Engineering organization for WhiteHat Security. It’s a great opportunity to help my team demonstrate to organizations how application security works in a hands-on demonstration, and how to architect their AST solutions. But how did I get here?

There are compelling reasons to evaluate using a SAST platform like WhiteHat Sentinel Source, instead of using a point solution to run SAST scans.

With the recent emphasis on application security, organizations now strive to fix web app security vulnerabilities earlier in the SDLC, before apps are deployed in order to lower the risk of potential data breaches.

So now that I’ve established myself as a lover of FB and social media, may I ask that you all please carefully consider which additional new and (worse) seldom-used applications that you grant permission to “Log On with Facebook?” (Or Google+, or Twitter – I’m not just targeting any one federated login mechanism.)

This week, it was reported that certain versions of the Apache Struts 2 Framework are vulnerable to Remote Code Execution attacks.

But then we got mobile devices, and executives fell in love with tablets. And then smart objects, from buildings to cars and medical devices. The boundaries of the network keep growing, but we security experts keep saying that the user is the weakest link.

With the migration towards digital transformation and the onslaught of cyber attacks, we need a “Security Facts” label so that we as consumers may make more informed decisions about the risk we are inheriting from the use or acquisition of applications.

As we head into the new year, we thought we’d share our 5 most watched webinars of 2016. Like “must see TV”, these are well worth taking the time to watch and learn from!

Kate and I created a webinar together describing her penetration test methodology and results, followed by my description of how Sentinel’s Dynamic scanning and Sentinel Source analysis would identify this vulnerability, as well as best practices in application security coding to avoid it.