Application Security Review Process – A Case Study
What is application security, or AppSec? Let’s talk about web application security first. OWASP was created in 2001 and has become known as the leading community for web application security. OWASP has produced volumes of online resources covering web application security defects, security testing, and security projects. Yet web application security is only […]

Agile Feedback: 7 Agile Ceremonies and Processes That Benefit (…and 1 that Doesn’t!)
In my last blog post, I discussed why agile feedback is such an integral practice for high-performing teams. Feedback allows teams to effectively collaborate, communicate, and iterate to create a high-quality, polished product. While these qualities are always important, the practice is even more valuable during a time of physical distancing. When […]

5 Work From Home Tips to Help You Through the Day
In the current world climate of a global pandemic, many companies have transitioned to working from home. But there are many professionals, including myself, who worked from home even before the emergence of COVID-19. Working from home can be a difficult transition, especially if it was sudden, but there are many tips and tricks […]

13 Ways to Improve Maintainability
At a high level, maintainability defines the ease with which changes can be made correctly. Correctness in this sense means that the intended changes are made without introducing unexpected side effects. Code should be structured so as to be easily modifiable. Tests should be in place to prevent regression, ensuring that existing functionality is unaffected […]

Dos and Don’ts of Technical and Process Evaluations
Managing Consultant Brian Hicks shares some dos and don’ts of technical and process assessments for both formal and internal uses.

Dependency Checking Your Ruby Application

Database Security – A Pentester’s Notes
One of the most prevalent issues that continues to vex application developers is weaknesses in database security that leave applications open to exploitation. Database security is a broad subject, and I will not cover all the security issues here, but I want to provide context and understanding around some of the more common vulnerabilities. In this blog, […]

Coveros Conversations: Learning Journeys
Executive Vice President Mike Sowers and Senior Training Manager Stephanie Fender discuss how to implement a culture of continuous learning through learning journeys in our next Coveros Conversation.

What is WAF?
Before diving into WAF security, it’s important to note the difference between web servers and application servers. A web server is internet facing on the front end, while an application server is where the code resides and is not internet facing. Between the web server and app server, all the HTTPS-encrypted data is decrypted […]

What is SCA?
SCA stands for Software Composition Analysis. It’s a technique where you analyze the dependencies that your application includes to make sure that they don’t have any known vulnerabilities. In fact, up to 80% of the components that we include in our applications have some known vulnerability in them, which can expose our applications […]