Dependency Checking Your Ruby Application

Dependency Checking Your Ruby Application Checking your application’s dependencies for known vulnerabilities is a critical, relatively low effort step you should take to secure your application, which you may have read about in another recent article: What is SCA? Compared to the wealth of tools used for dependency checking in, for example JavaScript,  there’s not […]

Read more
What is WAF?
WAF

Before diving into WAF security, it’s important to note the difference between web servers and application servers. A web server is internet facing on the front end, while an application server is where the code resides and is not internet facing. Between the web server and app server, all the HTTPs encrypted data is decrypted […]

Read more
What is SCA?
SCA

SCA stands for Software Composition Analysis. It’s a technique where you try to analyze the dependencies that your application includes to make sure that they don’t have any known vulnerabilities. In fact, up to 80% of the components that we include in our applications have some known vulnerability in them which can expose our applications […]

Read more
What is RASP?
RASP

RASP stands for Runtime Application Self Protection. Like IAST it’s agent based, so it watches your software run and tries to determine if something is attacking it. The goal of IAST is to try to determine if something’s attacking it by a certain behavior. RASP adds a layer to that by recognizing something’s attacking it […]

Read more
What is IAST?
IAST

IAST stands for Interactive Application Security Testing. The basic idea is that you have software that watches your application running, usually in a Java or .NET world that uses what’s called the profiling API, and it watches everything that happens in your application and tries to determine if that activity is somehow attacking the software. […]

Read more
What is DAST?
DAST

DAST stands for Dynamic Application Security Testing, and it’s a blackbox suite of tools that really look at web applications on the front end. DAST looks at a running application looking for potential security vulnerabilities, architectural weaknesses, SQL injection, and cross-site scripting, among other security risks in the OWASP Top Ten. How is SAST different […]

Read more
What is SAST?
SAST

SAST stands for Static Application Security Testing. SAST look through application source code for security defects, different issues written into the source code, and how the application is actually programmed to identify vulnerabilities that then have the potential being exploited. How is SAST different from DAST? SAST typically takes less time than running DAST, and […]

Read more
5 Tips to Turn Recorded JMeter Scripts into Reusable Tests

Load and performance issues can be difficult to resolve when found late in the software development lifecycle, yet teams still often wait until the last minute to performance test their applications. This can be costly, especially if the problem ends up being an issue with the overall architecture of the application. Load and performance testing […]

Read more
Selenified and LambdaTest
Selenified Process

I recently had the pleasure of being introduced to the team over at LambdaTest. LambdaTest runs a cross-browser cloud infrastructure that allows the execution of Appium and Selenium tests remotely. I was intrigued to learn more about their infrastructure and tooling, as it seemed like something that should fit in nicely with Selenified. I signed […]

Read more
X