HackDig : Dig high-quality web security articles

Static Code Analysis and You

I have been involved in several efforts to integrate static code analysis into software projects—none have been terribly successful. Most have resulted in hours of time spent identifying and removing false positives. So, when I read Travis Smith’s recent post about Fallible static code analysis, I was immediately struck with the need to add my two bits
Publish At:2017-02-02 01:45 | Read:4387 | Comments:0 | Tags:Security Awareness analysis code SDLC

7 Development AppSec Tricks to Keep the Hackers Away – Part 1

The mammoth rise in cybercrime has made organizations revise their application security strategy and implement new techniques to safeguard their software. This is largely because traditional security methodologies, such as Manual Testing and Web Application Firewalls (WAF), have been rendered irrelevant due to evolving hacking techniques.Unlike old times, mo
Publish At:2015-06-17 08:30 | Read:6423 | Comments:0 | Tags:Featured Articles Security Hardening AppSec Checkmarx SCA SD

Lightning OWASP Project Presentations at AppSec EU 2015

AppSec EU 2015 begins in two weeks. It is being held in Amsterdam at the Amsterdam RAI exhibition and conference centre.With the news yesterday that the number of conference attendee bookings has surpassed 400, together with the training, capture the flag competition, university challenge, application security hackathon, computer gaming, networking and organ
Publish At:2015-05-09 22:15 | Read:7391 | Comments:0 | Tags:requirements SDLC testing development owasp projects appsece

AppSensor CISO Briefing

Following the release of the Introduction for Developers in February, the OWASP AppSensor team has now created and published a new document aimed at Chief Information Security Officers (CISOs) and others with similar responsibilities.The CISO Briefing is a high-level overview, with pointers to the more detailed resources for specifiers, architects, developer
Publish At:2015-04-24 20:20 | Read:6079 | Comments:0 | Tags:incidents logging operation automation specification technic

Security and the SDLC: Integrating application security in developer environments

As we wind down the end of the year, I thought it would be good to talk about some big thinking in regard to vuln classification and prioritization. There are two common overlooked issues when enterprises attempt to secure themselves: 1. Once a company finds out about a vulnerability, how do they track it? A company can end up with tens of thousands of vulne
Publish At:2015-04-04 04:10 | Read:4231 | Comments:0 | Tags:Technical Insight Vulnerabilities Web Application Security S

Participate in the OWASP Project Summit in Amsterdam

The Open Web Application Security Project (OWASP) is supporting a project summit during the two days prior to the main AppSec EU conference.A project summit on Tuesday 19th and Wednesday 20th May has been announced and information published on the AppSec EU 2015 web site. The concept of the summit is to work on improving and extending project outputs with ot
Publish At:2015-03-31 15:30 | Read:5460 | Comments:0 | Tags:testing corrective operation maturity preventative technical

Register Today for OWASP AppSec EU 2015 in Amsterdam

The leading application security training and conference event is being held in Amsterdam from 19th to 22nd May 2015. Register today.OWASP AppSec EU 2015 is being held in the Amsterdam RAI Convention Centre just a single train stop from both Schiphol Airport in one direction, and central station in the other.AppSec EU 2015 comprises:One and two-day training
Publish At:2015-02-27 16:20 | Read:5269 | Comments:0 | Tags:testing corrective operation maturity preventative technical

Report on an Evaluation of Application Security Assessment Vendors

Forrester Research published an evaluation of a dozen application security vendors in December.The researchers reviewed the market to identify application security assessment vendors that offer multiple capabilities, provide easy deployment and integration, are used by other Forrester clients and have competitive offerings.Their selection was Beyond Security
Publish At:2015-02-24 09:35 | Read:4695 | Comments:0 | Tags:vulnerabilities SDLC operation physical testing

Software Assurance Maturity Model Practitioner Workshop

The OWASP Open Software Assurance Maturity Model (Open SAMM) team are holding a summit in Dublin at the end of March.As part of the two-day Open SAMM Summit 2015 a full day is being allocated to software assurance practitioners and those who want to learn about using the vendor-neutral and free Open SAMM to help measure, build and maintain security throughou
Publish At:2015-02-21 02:50 | Read:5612 | Comments:0 | Tags:testing corrective standards maturity preventative technical

NIST SP 800-163 Vetting the Security of Mobile Applications

In the last of my run of three mobile app related posts, US standards body National Institute of Standards and Technology (NIST) has released Special Publication (SP) 800-163 Vetting the Security of Mobile Applications.SP 800-163 is for organisations that plan to implement a mobile app vetting process or consume app vetting results from other parties. It is
Publish At:2015-02-10 14:40 | Read:4911 | Comments:0 | Tags:corrective administrative preventative technical threats SDL

NISTIR 8018 - Public Safety Mobile Application Security Requirements Works

The previously mentioned draft NIST Interagency Report (NISTIR) 8018 has now been released in final version.he public safety mobile application security effort focuses on improving the mobile application development process, specifically the mobile application testing tools, by understanding and collecting the security requirements relevant to the public saf
Publish At:2015-01-27 23:15 | Read:4604 | Comments:0 | Tags:design SDLC development operation information assurance tech

London Cyber Security Summit for Startups

OWASP London Chapter is helping host next week's Cyber Startup Summit in conjunction with techUK, PixelPin and Sonatype.The primary focus of the Cyber Startup Summit is to promote innovation across cyber security. It intends to enable collaboration between enterprise security leaders, security startups, creative entrepreneurs, students and academics to discu
Publish At:2015-01-21 20:40 | Read:4441 | Comments:0 | Tags:metrics operation awareness specification maturity SDLC deve

FTC Final Order Against Snapchat

Following a public comment period in May-June 2014, at the end of December the US consumer protection body Federal Trade Commission has approved a final order settling charges against Snapchat that lasts for twenty years.The charges related to how Snapchat deceived consumers about the automatic deletion of private images sent through the service.The key FTC
Publish At:2015-01-10 21:25 | Read:5064 | Comments:0 | Tags:technical privacy retention administrative specification pol

Application Security At Scale and At Speed

Contrast Security has published a new guide about their ideas about building application security into development processes that are reproducible and can be automated as much as possible.The authors call this continuous application security (CAS) and unlike traditional approaches, applies continuous real-time security verification. Their Continuous Applicat
Publish At:2014-12-10 14:05 | Read:4235 | Comments:0 | Tags:vulnerabilities SDLC threats technical continuous architectu

SANS SWAT Checklist and Poster

The SANS Institute has published a poster called Securing Web Application Technologies (SWAT).SWAT 2014 (PDF) is a two-page large-format colourful poster combining a SWAT checklist with a What Works in Application Security chart.The SWAP checklist groups its suggested best practices into the following areas: authentication, session management, access control
Publish At:2014-12-02 17:05 | Read:7462 | Comments:0 | Tags:testing corrective operation metrics maturity administrative


Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud