As Vulnerability Management systems move from CVSS v2 to v3, WhiteHat scoring keeps up.
Testing Single Page Applications for Broken Access Control Policies
Bank Websites and insufficient process validation – A recipe for Fraud
Thanks to everyone who attended the first Crash Course Series webinar. As we ran out of time before answering all of the questions at the end (and thank you all for so much participation!), I thought I’d pull the unanswered and reply to them here in longer form than the time allotted.
While it’s difficult to get permission from one’s corporate communications team or legal department on chatting with vendors, I was able to secure an interview with one of our financial services customers who use both Dynamic and Source code scanning.
As the news unfolds on Equifax and the latest and greatest of the Apache Struts hacks, a co-worker and I were talking about it amongst ourselves. “Why would someone leave a critical vulnerability unpatched for months?”, my co-worker asked in puzzled tones.
We’re pleased to announce a refresh of our Vulnerability Management overview tab.