There have been a few high-profile breaches in the news lately related to Magecart, including British Airways, Ticketmaster, and Feedify. For those who don’t know, Magecart is a hacker group whose modus operandi involves skimming credit card details with code tailored to the sites they infect ...
Bank Websites and insufficient process validation – A recipe for Fraud
Angular Frameworks on a TypeScript back end: Security improvements for API calls with a warning
As web applications become more complex due to the use of various technologies, so will the attack surface of the applications that implement these technologies. Applications that utilize JSON to populate application content are just one example.
Thanks to everyone who attended the first Crash Course Series webinar. As we ran out of time before answering all of the questions at the end (and thank you all for so much participation!), I thought I’d pull the unanswered and reply to them here in longer form than the time allotted.
While it’s difficult to get permission from one’s corporate communications team or legal department on chatting with vendors, I was able to secure an interview with one of our financial services customers who use both Dynamic and Source code scanning.
WhiteHat Scout is a fully automated static analysis product to develop secure software from the start for successful DevOps implementations.
Our aim in creating the Learning Labs is to help everyone – developers, security practitioners, and executives - understand the risks in all applications, help IT staff understand how application security fits into their wider security ecosystem, and help teach developers how to write more secure code to make business safer for customers.
In this article, I’m going to help you interpret how the different parts of this cybersecurity regulation touch on AppSec – that is, your websites, your mobile applications, your internal payment systems and networked third-party services.
I saw another meme go by on Facebook. This one challenged everyone’s memory to name all their Elementary School teachers. And I had more than ten friends participate, which resulted in me yelling at my computer screen again.
Network-connected Internet of Things (IoT) are growing in popularity in homes and businesses, from smart cities and buildings to cars and medical devices. Attempts to subvert or compromise critical functions in organizations due to insecure IoT devices and applications are on the rise and in the news.
There are compelling reasons to evaluate using a SAST platform like WhiteHat Sentinel Source, instead of using a point solution to run SAST scans.
Kate and I created a webinar together describing her penetration test methodology and results, followed by my description of how Sentinel’s Dynamic scanning and Sentinel Source analysis would identify this vulnerability, as well as best practices in application security coding to avoid it.