Speed to market has been everything in the software development world. But over time we’ve discovered that speed alone cannot remain the end all be all. The majority of data breaches have to do with web application security vulnerabilities; and therefore, security must become part of the software development equation.

There is no 100 percent secure, completely flawless computer program, yet security practices are often an after thought in programming. But even with the best security practices 'baked into' the software life cycle (SLC), there is still the possibility of a zero-day vulnerability existing in the code.

As Vulnerability Management systems move from CVSS v2 to v3, WhiteHat scoring keeps up.

Many applications on the Web have role-based access controls, with different functionalities for each role which determines what a user can do and which content they see.

Our static code analysis colleagues over at RIPS Technology have a good write-up about a recent chain of vulnerabilities they discovered in an open-source application named LimeSurvey. 

As you’ve probably read, there is a serious vulnerability in the WPA2-PSK protocol that almost all WiFi traffic uses. This vulnerability is being called ‘KRACK’, which stands for Key Reinstallation Attack.

WhiteHat Scout is a fully automated static analysis product to develop secure software from the start for successful DevOps implementations.

In this article, I’m going to help you interpret how the different parts of this cybersecurity regulation touch on AppSec – that is, your websites, your mobile applications, your internal payment systems and networked third-party services.

The WhiteHat Sentinel Application Programming Interface (API) can help you out. Whether you’re looking to bring information into your own ticketing system, a SIEM, a new set of developer tools, or even a home-grown environment, we hope you’ll find pointers to the documentation which will help make it easy.

Every step has led me to where I am today, leading the Sales Engineering organization for WhiteHat Security. It’s a great opportunity to help my team demonstrate to organizations how application security works in a hands-on demonstration, and how to architect their AST solutions. But how did I get here?

In the first webinar Introduction to Application Security for Developers, WhiteHat geared towards training and certifying developers to be secure coders.

This week, it was reported that certain versions of the Apache Struts 2 Framework are vulnerable to Remote Code Execution attacks.

WhitHat Security is pleased to kick off the WhiteHat Certified Secure Developer (WCSD) Program. It is open to all developers free of charge and gives developers that essential jumpstart into understanding app security at a deep technical level.

After a lot of coordination, research, voting by the community and judging - learn the Top 10 Web Hacking Techniques of 2015.

These cookies hold the reference to the session identifier for a given user, and the same identifier − along with any session-scoped data related to that session id − is maintained server-side.