NIST proposes Secure Software Development Framework

Ever since Bill Gates fired off his famous Trustworthy Computing memo in January 2002, developing secure software has been a hot topic of discussion. It was important before then, for sure, but it was often overlooked. It took a series of high-profile worms such as Code Red and Nimda and a series of breaches to […]

How application security testing needs to change in an agile, DevOps world

In today’s dynamic cyber-attack landscape, a robust security strategy that looks at all attack surfaces is critical. Enterprises must tirelessly assess their current state of readiness and continually improve governance and processes to stay a step ahead of malicious actors. Applications are one of the preferred attack vectors with up to 90% of successful breaches […]

Password managers: Secure tool or vulnerable one?

Let's be realistic: passwords are not only a nuisance, they don't even manage to be secure. The average person has dozens of username and password combinations to remember, and many accumulate hundreds of combinations they never use. It is impossible to remember them all, and that is a big reason why […]

Password managers: Secure tool or single point of weakness?

Let’s face it: Passwords are not only a hassle, they also don’t make the most effective locks. The average person has dozens of username and password combinations to remember. People who are very active online have hundreds of such combinations. It’s just impossible to remember them all, and that’s a big reason why people tend to use the same password […]

Want to improve app security? Do this one thing

While it’s certainly not surprising that simply beginning an application security program reduces application security risks, it is good news. According to application security firm Veracode’s seventh annual State of Software Security (SoSS) report, an impressive 46 percent reduction in flaw density can be achieved just by putting in place formal application security processes and application security scanning. When good […]