How application security testing needs to change in an agile, DevOps world


In today’s dynamic cyber-attack landscape, a robust security strategy that looks at all attack surfaces is critical. Enterprises must tirelessly assess their current state of readiness and continually improve governance and processes to stay a step ahead of malicious actors. Applications are one of the preferred attack vectors with up to 90% of successful breaches […]

Password manager: secure or vulnerable tool?

Let’s be realistic: passwords are not only a nuisance, they don’t even manage to be secure. The average citizen has dozens of username and password combinations to remember, and many end up accumulating hundreds of combinations they do not use. It is impossible to remember them all, and that is a big reason why the […]

Password management software: secure tool or weak point?

Let’s be honest: beyond the fact that remembering them is sometimes a headache, passwords are not in themselves the most effective locks for protecting our data. On average, a person has dozens of username and password combinations to remember. People who have a […]

Password managers: Secure tool or single point of weakness?

Let’s face it: Passwords are not only a hassle, they also don’t make the most effective locks. The average person has dozens of username and password combinations to remember. People who are very active online have hundreds of such combinations. It’s just impossible to remember them all, and that’s a big reason why people tend to use the same password […]

Want to improve app security? Do this one thing

While it’s certainly not surprising that simply beginning an application security program reduces application security risks, it is good news. According to application security firm Veracode’s seventh annual State of Software Security (SoSS) report, an impressive 46 percent reduction in flaw density can be achieved just by putting in place formal application security processes and application security scanning. When good […]