HackDig : Dig high-quality web security articles for hacker

How Not to Store Passwords: SHA-1 Fails Again

Problem: How do you store a password but make it nearly impossible to recover the plaintext in the event that the database with the password hash is compromised? When doing software development, it’s critical to review these functions. Having good development standards for your team will ensure that people store passwords properly and avoid mistakes th
Publish At:2017-11-07 04:05 | Read:13882 | Comments:0 | Tags:Application Security Data Protection X-Force Research Applic

Five Key IT Security Best Practices to Safeguard Your Expanding Business

A key theme of the recent Cybersecurity Nexus event in Washington, D.C. was the growing need for small and medium-sized businesses (SMBs) to adopt enterprise-like IT security best practices. In fact, SMBs might actually have an edge over the unrelenting competition they endure from larger enterprises because they are more proactive and nimbler in mitigating
Publish At:2017-10-22 05:00 | Read:3951 | Comments:0 | Tags:Application Security Retail Risk Management Application Secu

Don’t Sweep Web Application Penetration Testing Under the Rug

Web application penetration testing is one of the most critical components of your information security program. The exploitation of a web-related vulnerability could result in a massive breach, so web security must be front and center in any organization. However, I often see people sweep web security under the rug and fail to follow through on their find
Publish At:2017-09-21 00:50 | Read:3764 | Comments:0 | Tags:Application Security Risk Management Application Security Te

Three Practical Tips That Empower Developers and Prevent Open Source Security Risks From Entering Your Code

Employees use open source applications in organizations of all sizes and across all industries, and this trend shows no signs of slowing down. It is both cost effective and efficient to incorporate source code into software during the development stage. With all those extra resources, developers can focus more on the organization’s proprietary code. Ac
Publish At:2017-08-21 15:05 | Read:4299 | Comments:0 | Tags:Application Security Risk Management Application Development

Integrating the IoT Into Your Application Security Program

The Internet of Things (IoT) is here, but is your security program ready to handle it? For many reasons, such as network complexity, limited visibility, politics and other challenges that come along with emerging technologies in the enterprise, your organization is likely underprepared. To get up to speed, a good place to start is your application security
Publish At:2017-08-02 12:30 | Read:3460 | Comments:0 | Tags:Application Security Network Application Security Testing Ap

In Case You Missed the Memo: What’s New in IBM’s Application Security Testing?

In the popular office parody “Office Space,” there’s an ongoing joke about a recent memorandum that requires employees to attach cover sheets to their testing procedure specification (TPS) reports when they submit them to management. When fictional corporate executive Bill Lumbergh confronts employee Peter Gibbons at his cubicle to discuss
Publish At:2017-06-28 14:55 | Read:3048 | Comments:0 | Tags:Application Security Cloud Security Risk Management Applicat

Incorporate Application Security Checks and Balances Into Your Organization’s Citizen Developer Initiatives

The first time I heard the term “citizen developer,” I thought it might be the name of a new blockbuster summer movie. However, citizen development has morphed from a trendy IT catchphrase to a powerful force that’s transforming the way organizations develop software. But as your organization opens its doors to citizen developers, how do yo
Publish At:2017-05-22 11:55 | Read:3229 | Comments:0 | Tags:Application Security Application Development Application Sec

Three Lessons From Test-Driven Development

“If it’s worth building, it’s worth testing. If it’s not worth testing, why are you wasting your time working on it?” — Scott Ambler, Enterprise Agile Coach
In 1999, Kent Beck’s “Extreme Programming Explained: Embrace Change,” became an inspiration for rethinking the way software was developed. Three years la
Publish At:2017-03-27 13:00 | Read:4169 | Comments:0 | Tags:Application Security Application Development Application Sec

Intelligent Code Analytics: Increasing Application Security Testing Coverage With Cognitive Computing

In a previous post, we examined how cognitive computing can greatly reduce the false positives and noise that are inherent in static application security testing (SAST). We also showed how the reduction of false positives can be done without impacting language coverage — i.e., decreasing the rule set — which is the approach of most application security offer
Publish At:2017-03-20 15:15 | Read:3316 | Comments:0 | Tags:Application Security Cognitive Analytics Application Securit

IBM Retains Leadership Position in 2017 Gartner Magic Quadrant for Application Security Testing

On March 3, 2017, Gartner released its periodic update to the Gartner Magic Quadrant for Application Security Testing, which analyzes vendors’ Static, Dynamic and Interactive Application Security Testing capabilities. We’re pleased to announce that IBM has maintained its position in the “Leaders” Quadrant for Application Security Test
Publish At:2017-03-08 04:55 | Read:4818 | Comments:0 | Tags:Application Security Application Security Testing Gartner Ga

Viva Las Vegas, and Viva Effective Application Security Testing Practices!

In Elvis Presley’s classic song, “Viva Las Vegas,” he sings the following lyrics: “How I wish that there were more than 24 hours in the day / Even if there were 40 more, I wouldn’t sleep a minute away.” Perhaps those lyrics describe previous visits you’ve made to Vegas. But do they also describe your experience of tr
Publish At:2017-03-01 18:35 | Read:2652 | Comments:0 | Tags:Application Security Risk Management Application Security Te

Application Security Testing: Resurgence of DAST for SDLC Integration and Scan Automation

Dynamic analysis security testing (DAST) works like a hacker-in-a-box, so to speak, by exploring and testing web applications and services via HTTP and HTTPS. DAST is one of the oldest automated application security testing (AST) techniques, tracing its roots to the mid-1990s. Since it interacts with live web applications and web services and automates hacke
Publish At:2017-01-20 19:45 | Read:4977 | Comments:0 | Tags:Application Security App Security Application Security Testi

10 Key Findings From the Ponemon Institute’s Mobile & IoT Application Security Testing Study

Today’s organizations are releasing mobile and Internet of Things (IoT) applications at a breathtaking pace. According to recent research, more than 4 million Android and iOS applications are currently in production, with thousands more being released every month. IBM client Cisco, meanwhile, predicted that the estimated value of the global IoT market
Publish At:2017-01-18 12:30 | Read:2803 | Comments:0 | Tags:Application Security Mobile Security Application Security Te

10 Application Security Testing Resources You Should Master and Share With Your Executive Team in 2017

Application Security Testing Takeaways From 2016
In my current role, I have the pleasure of routinely hearing our clients’ direct feedback regarding the application security issues they face. Across the board, they consistently refer to three main areas of concern: Securing executive buy-in and funding for major IT initiatives; Spending most of their
Publish At:2016-12-16 21:06 | Read:5286 | Comments:0 | Tags:Application Security Mobile Security Risk Management App Sec

Would You Like to Play an Application Security Game?

Why Are We Still Playing the Game?
It happened again. The recent disclosure of devastating security vulnerabilities associated with certain Juniper devices has renewed discussions about best practices to prevent hacking of critical applications and the importance of effective application security protection. In this case, researchers found unauthorized code
Publish At:2016-01-08 09:10 | Read:3898 | Comments:0 | Tags:Application Security Application Security Testing Security I

