5 Work From Home Tips to Help You Through the Day

In the current world climate of a global pandemic, many companies have transitioned to working from home. But there are many professionals, including myself, who have worked from home even before the emergence of COVID-19. Working from home can be a difficult transition, especially if it was sudden, but there are many tips and tricks […]

Read more
Dependency Checking Your Ruby Application

Checking your application’s dependencies for known vulnerabilities is a critical, relatively low-effort step you should take to secure your application, which you may have read about in another recent article: What is SCA? Compared to the wealth of tools used for dependency checking in, for example, JavaScript, there’s not […]

Read more
Database Security – A Pentester’s Notes

One of the most prevalent issues that continues to vex application developers is weaknesses in database security that open us to exploitation. Database security is a broad subject, and I will not cover all the security issues here, but I want to provide context and understanding around some of the more common vulnerabilities. In this blog, […]

Read more
What is WAF?

Before diving into WAF security, it’s important to note the difference between web servers and application servers. A web server is internet-facing on the front end, while an application server is where the code resides and is not internet-facing. Between the web server and app server, all the HTTPS-encrypted data is decrypted […]

Read more
Using a Green Screen / Chroma Keying

So you want an interesting and professional background when you present online? Given how increasingly prevalent online presentation is, you might want to consider the possibility of using a technique called Chroma Keying, also known as green-screen. What you’ll need: Green material – fabric or screen or poster board. Vivid and flat color works best. […]

Read more
5 Tips to Ensure A Successful Remote Daily Scrum

As I mentioned in my previous post, this is a challenging time for agile teams as we are transitioning to being fully remote. Many are struggling to follow the agile principles, especially those that promote co-location and face-to-face communication. But even though we now find ourselves in a situation where these principles are challenging, it […]

Read more
What is DAST?

DAST stands for Dynamic Application Security Testing, and it’s a black-box suite of tools that looks at web applications from the front end. DAST examines a running application, looking for potential security vulnerabilities, architectural weaknesses, SQL injection, and cross-site scripting, among other security risks in the OWASP Top Ten. How is SAST different […]

Read more
What is SAST?

SAST stands for Static Application Security Testing. SAST looks through application source code for security defects, for issues written into the source code, and at how the application is actually programmed, to identify vulnerabilities that then have the potential of being exploited. How is SAST different from DAST? SAST typically takes less time than running DAST, and […]

Read more
3 Virtual Options to Keep Your Strategic Goals on Track

In the past several weeks, the world has experienced an unprecedented amount of change, and situations continue to evolve rapidly as each day goes by. It’s safe to say that many businesses are experiencing shifts, both major and minor, as they seek ways to maintain business continuity while heeding precautionary measures. Although there lies a […]

Read more