All Blog Posts Tagged 'Application' (43)

Top 7 Vendors in Application Security Testing (AST) market at RSAC 2017

The RSA conference is one of the leading security conferences worldwide. It creates a tremendous opportunity for vendors, users and practitioners to innovate, educate and discuss the current security landscape.

Application security testing comprises tools and services that help you discover security vulnerabilities in all kinds of applications. The application security practices/tools currently available broadly fall into the following…

Added by Denise on November 29, 2019 at 3:30pm — No Comments

Learn about Web Application Firewall Key Use Cases

A WAF is a specialized firewall designed to protect web applications (HTTP applications) from attacks such as cross-site scripting (XSS) and SQL injection, and from other vulnerabilities that may exist. A WAF is able to detect and prevent unknown attacks by inspecting every HTML, HTTP/HTTPS, SOAP and XML-RPC data packet. Using a WAF you can monitor the input/output traffic to your web applications. A WAF can also monitor access to web applications and can send access log data to other security tools…

Added by Denise on November 29, 2019 at 2:00pm — No Comments

Key Metrics for the Application Security Testing (AST)

Application Security Testing (AST) comprises tools and services that help you discover security vulnerabilities in all kinds of applications. The application security practices/tools currently available broadly fall into the following categories:
  • Static Application Security Testing (SAST): Static application security testing tools analyze the application source code to determine if vulnerabilities exist. It is also referred to as white-box testing.…
Added by Denise on November 29, 2019 at 1:00pm — No Comments

Top 5 Vendors in Web application Firewall (WAF) market at RSAC 2017

The RSA conference is one of the leading security conferences worldwide. It creates a tremendous opportunity for vendors, users and practitioners to innovate, educate and discuss the current security landscape. A WAF is a specialized firewall designed to protect web applications (HTTP applications) from attacks such as cross-site scripting (XSS) and SQL injection, and from other vulnerabilities that may exist. It is able to detect and prevent unknown attacks by inspecting…

Added by pritha on November 28, 2019 at 5:30pm — No Comments

How to benchmark a web application security scanner?

There is a plethora of web application scanners, every one of which claims to be better than the others. It is indeed a challenge to differentiate between them. We need to benchmark application scanners against hard facts and not marketing claims. Below are some of the most critical metrics against which you would want to benchmark a web application scanner.

1. What is the rate of false…

Added by pritha on November 28, 2019 at 5:30pm — No Comments

Checklist To Assess The Effectiveness Of Your Vulnerability Management Program

From our experience of helping organisations build their ‘Vulnerability Management’ program, we feel that one of the major challenges is that the security manager/management does not always know the reality on the ground. Obviously, management is extremely busy and has too many priorities. It is natural to get into managing whirlwinds. So, I wanted to define a few questions which can help you find out how robust your application security management program is and…

Added by pritha on November 28, 2019 at 5:30pm — No Comments

10 questions to ask before you start your Bug Bounty program…

Bug bounty programs are quite common these days, with several of the biggest names in the industry having launched various avatars of the program. I have been asked by a few security managers and management teams whether they should launch a bug bounty program. A bug bounty program definitely has the advantage of crowdsourcing. However, an organization should be mature and prepared enough to launch such a program. Here are some questions which will tell you whether you are prepared or not. You…

Added by pritha on November 28, 2019 at 5:30pm — No Comments

4 Areas where Artificial Intelligence Fails in Automated Penetration Testing

Formal Modeling and Automation is one of the things I love. I try to model everything, and sometimes modeling helps and sometimes it lands me in trouble. It helped me when I tried to model Penetration Testing and worked with my co-founder to design our first version of an automated Penetration Testing Tool at iViZ. Where it did not help is in dancing. I think I am a poor dancer since my mind thinks in models. By the time I model the step in my mind, I miss the beat. I believe there…

Added by pritha on November 28, 2019 at 5:30pm — No Comments

8 Questions to ask your Application Security Testing Provider!

Choosing the right Application Security Testing Service Provider is not always an easy task. By asking the right questions and knowing what answers to look for, you can conduct a thorough evaluation of the various vendors available in the market and make the most intelligent choice for your business. There are numerous options, like buying tools, using cloud-based testing providers or the traditional consultants. I have discussed making the right choice in…

Added by pritha on November 28, 2019 at 5:30pm — No Comments

Penetration Testing for E-commerce Applications

Over the past decade, E-Commerce applications have grown both in number and in complexity. Currently, E-Commerce applications are becoming more personalized, more mobile-friendly and richer in functionality. Complicated recommendation algorithms are constantly running at the back end to make content searching as personalized as possible. Here we will learn about the necessity of penetration testing for E-commerce applications.

 …

Added by pritha on November 28, 2019 at 5:11pm — No Comments

Source Code Analysis - How to Remediate your Vulnerabilities

The AppSec How-To:

Visualizing and Effectively Remediating Your Vulnerabilities: The biggest challenge when working with Source Code Analysis (SCA) tools is how to effectively prioritize and fix the numerous results. Developers are quickly overwhelmed trying to analyze security reports containing results that are presented independently from one another.

Take for example,…

Added by pritha on November 28, 2019 at 5:00pm — No Comments

Top 5 Application Security Technology Trends

Following are the top 5 Application Security Technology Trends:

1. Run Time Application Security Protection (RASP)

Today applications mostly rely on external protection like IPS (Intrusion Prevention Systems), WAF (Web Application Firewall), etc., and there is great scope for many of these security features to be built into the application so that it can protect itself during…

Added by pritha on November 28, 2019 at 5:00pm — No Comments

16 Application Security Trends That You Can’t Ignore In 2016

Application Security has emerged over the years both as a market and as a technology. Some of the key drivers have been the explosion in the number of applications (web and mobile), attacks moving to the application layer, and compliance needs.

Following are 16 Application Security Trends which we believe the industry will observe in 2016.

1. Beyond Tools – Build Application Security…

Added by pritha on November 28, 2019 at 5:00pm — No Comments

5 Key Benefits of Source Code Analysis

Static Code Analysis: Binary vs. Source

Static Code Analysis is the technique of automatically analyzing the application’s source and binary code to find security vulnerabilities. According to Gartner’s 2011 Magic Quadrant for Static Application Security Testing (SAST), “SAST should be considered a mandatory requirement for all IT organizations that develop or procure application”. In fact, in recent years we have…

Added by pritha on November 28, 2019 at 5:00pm — No Comments

Must Know Business Logic Vulnerabilities In Banking Applications

Over the last few years, our On-Demand and Hybrid Penetration Testing platform has performed security testing of applications across various verticals and domains including Banking, e-commerce, Manufacturing, Enterprise Applications, Gaming and so on. On the one hand, SQL Injection, XSS and CSRF vulnerabilities are still the top classes of vulnerabilities found by our automated scanning system; on the other hand, there are a lot of…

Added by pritha on November 28, 2019 at 5:00pm — No Comments

SAST vs. DAST: How should you choose?

This blog will provide information about SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing), and also answer the common question of SAST vs. DAST.

What is SAST?

SAST or Static Application Security Testing is the process of testing the source code, binary or byte code of an application. In SAST you do not need a running…

Added by pritha on November 28, 2019 at 4:30pm — No Comments

CISO Viewpoint: Safe Penetration Testing

Safe Penetration Testing – 3 Myths and the Facts behind them

Penetration testing vendors will often make promises and assurances that they can test your web applications safely and comprehensively in your production environment. So, when performing penetration testing of a web application that is hosted in a production environment, you need to consider the following myths and facts, which can directly or indirectly end up causing…

Added by pritha on November 28, 2019 at 4:30pm — No Comments

Secure SDLC Program: “The Art of Starting Small”

I have seen several organizations trying to adopt secure SDLC and failing badly right at the beginning. One of the biggest reasons is that they try to use the “Big Bang Approach”. Yeah, there are several consultants who will push you to go for a big project and use the classical waterfall model to adopt secure SDLC. But that’s asking too much. Changing the habits of a group is not very easy.

Typically there is a big push back and…

Added by pritha on November 28, 2019 at 4:30pm — No Comments

Checklist: How to choose between different types of Application Security Testing Technologies?

This blog will provide the pros and cons of different types of Application Security Testing Technologies, and a checklist to choose among them.

Static Application Security Testing (SAST)

SAST or Static Application Security Testing is the process of testing the source code, binary or byte code of an application. In SAST you do not need a running…

Added by pritha on November 28, 2019 at 4:30pm — No Comments

Benchmarking Web Application Firewall (WAF) Solutions

  • Today web applications are ubiquitous and in many cases, the primary source of engagement between the user and the organization. Traditionally, organizations relied on network security controls such as network firewalls and IDS/IPS as the primary defence mechanism even for applications, but that is a very flawed approach. Application security requires organizations to rethink their security strategy and not take a piecemeal view. There is a critical need for an evaluation…
Added by CISO Platform on November 28, 2019 at 4:00pm — No Comments

© 2019 Created by CISO Platform.