The news broke yesterday that Equifax had a massive breach that leaked personal information including Social Security Numbers, names and Driver’s License numbers. The scope of this breach is staggering: 143 million records.
Every time someone comes to me for career advice, or asks where I think they should look for their next big opportunity, I say – “Consider a career in cybersecurity.” It is a huge field with a broad spectrum of job opportunities.
In this article, I’m going to help you interpret how the different parts of this cybersecurity regulation touch on AppSec – that is, your websites, your mobile applications, your internal payment systems and networked third-party services.
Pioneer and innovator in application security, WhiteHat has been an early adopter of the technologies driving digital transformation across the business with voice search.
The WhiteHat Sentinel Application Programming Interface (API) can help you out. Whether you’re looking to bring information into your own ticketing system, a SIEM, a new set of developer tools, or even a home-grown environment, we hope you’ll find pointers to the documentation which will help make it easy.
The CopyCat malware exploits some known vulnerabilities in older versions of Android which allow an attacker to root the victim’s phone. It then can install applications and will hijack ads from your phone, effectively paying the attacker each time an ad pops up.
Applications are literally at the core of our digital lives, so it’s more important than ever to ensure that enterprises of all types can provide safe digital experiences. We hope this report provides valuable insights and recommendations on how to secure the apps that drive your business.
There's another 'worldwide' attack known as Petya Ransomware and it's spreading quickly - learn about it first from WhiteHat Security.
I saw another meme go by on Facebook. This one challenged everyone’s memory to name all their Elementary School teachers. And I had more than ten friends participate, which resulted in me yelling at my computer screen again.
Network-connected Internet of Things (IoT) devices are growing in popularity in homes and businesses, from smart cities and buildings to cars and medical devices. Attempts to subvert or compromise critical functions in organizations due to insecure IoT devices and applications are on the rise and in the news.
IDC predicts that by 2020, data breaches will affect nearly 25% of the world’s population.
Mentor the children of today to be leaders & entrepreneurs of tomorrow.
The question on a lot of people’s minds is, “Why was this allowed to happen, wasn’t there a fix?” Microsoft did indeed release a fix for the SMB vulnerability that ultimately was exploited by the WannaCry attack some months ago. If this patch was available, why didn’t everyone patch? Why were that many systems vulnerable?
The WannaCry attack has gained worldwide notoriety for how quickly and how far it has spread. At the heart of the issue was a vulnerability in Microsoft's product that left unpatched systems vulnerable to attack.
This Top 10 list is for you — developers and software engineers — designing mobile apps today.
A large-scale cyber attack on hospitals across England has staff and patients reeling. The fallout has serious impacts on individuals’ healthcare, as everything from patient records and prescriptions to surgery schedules is inaccessible.
Every step has led me to where I am today, leading the Sales Engineering organization for WhiteHat Security. It’s a great opportunity to help my team demonstrate to organizations how application security works in a hands-on demonstration, and how to architect their AST solutions. But how did I get here?
There are compelling reasons to evaluate using a SAST platform like WhiteHat Sentinel Source, instead of using a point solution to run SAST scans.
Social skills were on my mind. Listening to women describe their problems, it struck me how many of them had to do with stereotypes and unwritten social expectations. It's the end of Autism Awareness Month as I write this and it's a coincidence that I'd been diagnosed with autism at age 34.
As I was reading the proposed OWASP Top 10 for 2017 and preparing to submit my input, I thought I’d provide a brief recap of the changes here, and share the two large changes that stood out for me.
In the first webinar Introduction to Application Security for Developers, WhiteHat geared towards training and certifying developers to be secure coders.
With the recent emphasis on application security, organizations now strive to fix web app security vulnerabilities earlier in the SDLC, before apps are deployed in order to lower the risk of potential data breaches.
Follow on to the Growing the Role of Women in AppSec webinar held on 3/23. Here's another real-world anecdote of how to move from no skills into tech and security, along with all the Q&A we didn't get to on the Webinar.
So now that I’ve established myself as a lover of FB and social media, may I ask that you all please carefully consider which additional new and (worse) seldom-used applications that you grant permission to “Log On with Facebook?” (Or Google+, or Twitter – I’m not just targeting any one federated login mechanism.)
This week, it was reported that certain versions of the Apache Struts 2 Framework are vulnerable to Remote Code Execution attacks.
But then we got mobile devices, and executives fell in love with tablets. And then smart objects, from buildings to cars and medical devices. The boundaries of the network keep growing, but we security experts keep saying that the user is the weakest link.
With the migration towards digital transformation and the onslaught of cyber attacks, we need a “Security Facts” label so that we as consumers may make more informed decisions about the risk we are inheriting from the use or acquisition of applications.
WhiteHat Security is pleased to kick off the WhiteHat Certified Secure Developer (WCSD) Program. It is open to all developers free of charge and gives developers that essential jumpstart into understanding app security at a deep technical level.
As we head into the new year, we thought we’d share our 5 most watched webinars of 2016. Like “must see TV”, these are well worth taking the time to watch and learn from!
Kate and I created a webinar together describing her penetration test methodology and results, followed by my description of how Sentinel’s Dynamic scanning and Sentinel Source analysis would identify this vulnerability, as well as best practices in application security coding to avoid it.