AppSec Blog

Application Security news, research, vulnerabilities, DevSecOps, CI/CD tooling, hacking and more


What is Business Constraint Bypass

While security professionals pay significant attention to technical vulnerabilities such as SQL Injection, CSRF and Cross-Site Scripting, modern applications are just as susceptible to business

AppSec Testing

Is your API security testing process mature enough?

Regardless of the maturity of your development and security processes / methodologies, integrating security testing automation into your API development pipelines is a struggle. With

AppSec Testing


In our last post we talked about SAST solutions and why they are not always the best solution for AST. In this blog post, we


Bright is now ISO 27701 Certified!

We at Bright are very proud to announce that we have been awarded the accredited certification on ISO 27701, the international standard on data privacy.


My first-time RSA experience

Last week I attended my first RSA Conference in San Francisco representing Bright. I wanted to share my impressions and thoughts as a first-timer at

AppSec Testing

Best ways to test Microservices Security

The use of microservices results in many new, open and vulnerable connections. Microservices expose endpoints which are usually referred to as APIs to the public.

AppSec Testing

The ever-present threat of Magecart attacks

Do you know what “skimming” is? It’s a method that hackers use to gather sensitive information in online payment forums. Credit card numbers, email addresses,