October marks the 15th annual National Cyber Security Awareness Month. What began as a collaborative effort between government and industry has possibly never been more relevant than now, serving as a reminder to not only be more conscious of cybersecurity threats, but how we as individuals and businesses can proactively mitigate cyberthreats.

As web applications become more complex due to the use of various technologies, so will the attack surface of the applications that implement these technologies. Applications that utilize JSON to populate application content are just one example.

The news was just released that a massive breach hit Uber in October of 2016. The personal information of 57 million Uber users and 7 million Uber drivers were stolen, including names, email addresses and phone numbers.

While it’s difficult to get permission from one’s corporate communications team or legal department on chatting with vendors, I was able to secure an interview with one of our financial services customers who use both Dynamic and Source code scanning.

WhiteHat Scout is a fully automated static analysis product to develop secure software from the start for successful DevOps implementations.

The WhiteHat Sentinel Application Programming Interface (API) can help you out. Whether you’re looking to bring information into your own ticketing system, a SIEM, a new set of developer tools, or even a home-grown environment, we hope you’ll find pointers to the documentation which will help make it easy.

This Top 10 list is for you — developers and software engineers — designing mobile apps today.

Follow on to the Growing the Role of Women in AppSec webinar held on 3/23. Here's another real-world anecdote of how to move from no skills into tech and security, along with all the Q&A we didn't get to on the Webinar.

So now that I’ve established myself as a lover of FB and social media, may I ask that you all please carefully consider which additional new and (worse) seldom-used applications that you grant permission to “Log On with Facebook?” (Or Google+, or Twitter – I’m not just targeting any one federated login mechanism.)

With the migration towards digital transformation and the onslaught of cyber attacks, we need a “Security Facts” label so that we as consumers may make more informed decisions about the risk we are inheriting from the use or acquisition of applications.

These cookies hold the reference to the session identifier for a given user, and the same identifier − along with any session-scoped data related to that session id − is maintained server-side.