DevSecOps is a practice that merges the work done by development (Dev), security (Sec), and IT operations teams (Ops) to deliver the most efficient and effective software development practices. But why is it still so rare? Let us take a look at the difficulties of implementing DevSecOps and ways to eliminate them. Why DevOps but […]
Who is responsible for the software development lifecycle (SDLC) in your business? It may seem like the CEO and/or Board of Directors are ultimately responsible for the SDLC. However, with changing times and regulations, such as the SEC’s crackdown on security incident reporting affecting enterprise CISOs like in the case of SolarWinds, the responsibility may […]
Weak passwords and password reuse are still some of the most serious concerns for cybersecurity. There are several ways to increase password security but they are often not adopted by users and administrators. Here’s how you can make sure that sensitive data in your web application is not compromised by malicious hackers due to insecure […]
DevSecOps is a relatively new approach to continuous software development processes in agile environments. It is an extension of DevOps (Development + Operations) that includes the automation of security. The order of component terms in the DevSecOps name, however, may lead to incorrect application security approaches. That is why some sources propose SecDevOps as a […]
Server-side request forgery (SSRF) is the only type of vulnerability that has its own category in the OWASP Top 10 2021 list. Several major cybersecurity breaches in recent years, including Capital One and MS Exchange attacks, involved the use of SSRF as one of the break-in techniques. SSRF vulnerabilities let an attacker send crafted requests […]
All security vulnerabilities are the result of human error. Most web application vulnerabilities and API security issues are introduced by developers. Therefore, the best approach to building secure applications is to do all that is possible to avoid introducing such errors in the first place instead of fixing them. You can find several detailed guides on how […]
In our old advertisements, you could often read that 70 percent of websites are hackable. The sad truth is, however, that every website and web application can be hacked, given enough time and resources. What makes a website or web application fall within the 70 percent mentioned above is not just vulnerabilities. Your website security […]
DAST has come a long way from its humble beginnings. Many businesses searching for web application security solutions are still apprehensive of DAST because they perceive it the way it was many years ago. DAST tools are often described as slow, not automated, not integrated, with limited reach and accuracy, and not usable for DevSecOps. […]
Broken link hijacking (BLH) is a type of web attack. It exploits external links that are no longer valid. If your website or web application uses resources loaded from external URLs or points to such resources and these resources are no longer there (for example due to an expired domain), attackers can exploit these links […]
In this cheat sheet, we will assume that: You are a developer or you know programming You have limited web application security knowledge You need to know how SQL injection attacks happen You need to know how to fix SQL injection issues in your code In this cheat sheet, you will learn: How do malicious […]
We hate spam, we obviously will not spam you!
Copyright © TSP 2024. All rights reserved. Designed by Enovate LLC