What Is CSRF Token Mismatch and 6 Ways to Fix It

What Is CSRF? Cross-Site Request Forgery (CSRF) is a web application attack that forces an end user to execute unwanted actions on a web application in which they’re authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request. With a

Application Mapping: A Key to Securing Critical Business Applications

In the intricate web of modern business technologies, securing critical applications is paramount. Application mapping emerges as a vital tool in this context, offering numerous benefits for enhancing application security. Application mapping, in the context of information technology and cybersecurity, refers to the process of creating a detailed inventory of an organization’s software applications and

Penetration Testing Tools: 10 Tools to Supercharge Your Pentests

Penetration testing (pentesting) is a simulated attack launched for the purpose of uncovering security vulnerabilities. A pentest helps organizations discover security gaps, using a realistic simulation of a cyber attack, which does not cause damage or expose sensitive data. 

An Introduction to Software Supply Chain Attacks

The alarming rise in Software Supply Chain (SSC) attacks has catapulted this issue into a hot topic in the cybersecurity landscape. A staggering 742% increase in these attacks over the past three years, as reported by CSO Magazine, underscores the urgency for organizations to address this escalating threat. SSC attacks continue to be newsworthy with

Data Breaches: Causes, Compliance Impact, and Best Practices

What Is a Data Breach? A data breach is an incident where unauthorized individuals gain access to confidential data stored in a system. This data can include personal information such as credit card numbers, social security numbers, or corporate information like trade secrets and intellectual property. Some data breaches are orchestrated by cybercriminals intending to

Using SAST and DAST Integration for Reducing Alert Fatigue

In the ever-evolving world of cybersecurity, there’s a relentless push to stay ahead of potential threats. For development teams and cybersecurity professionals, two methodologies have emerged as leaders in the realm of application security in pre-production: Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST). Each offers its own unique advantages, but when

Black Box Testing: Types, Techniques, Pros and Cons

What Is Black Box Testing in Software Engineering? Black box testing involves evaluating the functionality of software without peering into its internal structures or workings. The term “black box” refers to a system where the internal mechanics are unknown, and testing focuses solely on the output generated by a given input. When conducting black box

SAST vs. DAST: 5 Key Differences and Why to Use Them Together

In our last post we talked about SAST solutions and why they are not always the best solution for AST. In this blog post, we are going to compare SAST to DAST solutions.

Why Running DAST in Production is Not a Good Idea

The practice of running DAST in production environments presents multiple risks and challenges that can actually hinder your security goals. Here’s why you should think twice before running DAST scans on a live production system.

5 Pillars of Cloud Native Security

What Is Cloud Native Security? Cloud Native Security refers to the practice of safeguarding cloud native applications. These applications are designed to take advantage of cloud computing’s full potential, leveraging the benefits of scalability, flexibility, and speed. Cloud native applications are typically composed of microservices, packaged in containers, and orchestrated through automated systems. These components

Unit Testing: Definition, Examples, and Critical Best Practices

A unit test is a type of software test that focuses on components of a software product. The purpose is to ensure that each unit of software code works as expected. A unit can be a function, method, module, object, or other entity in an application’s source code. 

Mobile Security: 6 Ways to Protect Mobile Devices

Mobile security is a broad term that encompasses all the measures and technologies used to safeguard both personal and business information stored on and transmitted from our mobile devices.

11 API Security Best Practices You Must Know

API security is the use of any security practice relating to application programming interfaces (APIs), which are common in modern applications. API security involves managing API privacy and access control and the identification and remediation of attacks on APIs. These attacks exploit API vulnerabilities or reverse engineer APIs. 

Analyzing DAST Methods: Quick and Shallow vs In-Depth Scans

Dynamic Application Security Testing (DAST) is a crucial component in fortifying web applications against potential vulnerabilities. By taking a proactive stance, DAST systematically detects and addresses security flaws.

Web Application Scanning: Why You Need it and Choosing a Tool

Web application scanning involves systematically testing a web application for potential security vulnerabilities. The goal of web application scanning is to identify security weaknesses before they can be exploited by attackers. 

Shift Left Testing: Why You Need It and 4 Tips for Success

Shift left testing is a software testing approach that emphasizes moving the testing process earlier in the software development life cycle (SDLC). The term “shift left” refers to the notion of shifting the testing activities towards the left side of the project timeline, meaning they are conducted earlier rather than later in the development process.

Introducing 2023 Guide to AppSec Testing Tools

Choosing the right application security tools can be a daunting task, as there are countless options available in the market. To help you make the right decision, we have put together a 2023 Guide to Application Security Tools.

The Quest for The Perfect AppSec Program

Whether you’re starting your Application Security (AppSec) program from scratch or looking to improve an existing one, it’s important to consider various factors such as program maturity, organizational structure, and effective strategies. Unfortunately, there’s no one-size-fits-all solution, as each organization has unique needs and requirements. Luckily, four industry experts came together for a live discussion

What Is Dynamic Application Security Testing (DAST)?

Dynamic Application Security Testing (DAST) is an Application Security Testing methodology in which the application is tested in operating mode, from the outside in. As DAST tools don’t have access to the application’s or API’s source code, they detect vulnerabilities by performing actual attacks, similar to a real hacker. In a sense, DAST tools perform automated penetration testing of your web applications.

IAST vs DAST: What Is the Difference?

DAST (Dynamic Application Security Testing) is a method of testing the security of a web application. IAST (Interactive Application Security Testing) combines elements of SAST and DAST.

Application Security Trends To Keep an Eye on in 2023

The term “application security” (AppSec) describes the processes, practices, and tools used to identify, repair, and protect against application vulnerabilities throughout the Software Development Life Cycle (SDLC). AppSec activities include, but are not limited to, performing a formal secure code review, hiring a pentester, or simply updating an existing framework with the final goal of

OWASP ZAP: 8 Key Features and How to Get Started

OWASP Zed Attack Proxy (ZAP) is a free security tool actively maintained by international volunteers. It automatically identifies web application security vulnerabilities during development and testing. Experienced penetration testers can use OWASP ZAP to perform manual security testing.

Cypress Testing: The Basics and a Quick Tutorial

Cypress provides an integrated development environment (IDE) that you can load in your browser. The framework employs an event-based architecture that connects with Google Chrome’s lifecycle events. It enables Chrome to wait for Ajax requests to complete without using a timeout or polling mechanism, leading to faster and more reliable tests.

Unit Testing in Node.js: The Basics and a Quick Tutorial

To do unit testing in Node.js, you will typically use a JavaScript unit testing framework. Common frameworks include Mocha, Jest, Jasmine, and Cypress. We’ll show how to do Node.js unit testing in Jest.

OWASP Top 10 API Security Threats

What Is the Open Web Application Security Project (OWASP)? The Open Web Application Security Project (OWASP) is a non-profit foundation run by a global community dedicated to providing free application security resources. OWASP offers guidance on developing and maintaining secure software applications. The goal is to educate software architects, developers, and business owners about security risks.

Security is Everybody’s Job — Part 6 — The Second Way

The Second Way of DevOps is fast feedback. In security, when we see this we should all be thinking the same thing: Pushing Left. We want to start security at the beginning of the system development life cycle (SDLC) and ensure we are there (providing feedback, support and solutions) the whole way through!

Security is Everybody’s Job — Part 5 — The First Way

The first “Way” of DevOps is emphasizing the efficiency of the entire system. Many of us tend to focus only on our part of a giant system, and get bogged down improving only our own contributions to the larger process. It’s rare that we stand back, look at the entire thing, and realize that if we helped another team or changed something small within our part, that it could improve other areas for the better. The first way of DevOps is about looking at the entire system, and making sure the entire thing is as efficient as possible.

Security is Everybody’s Job — Part 4 — What is DevSecOps?

DevSecOps is the security activities that application security professionals perform, in order to ensure the systems created by DevOps practices are secure. It’s the same thing we (AppSec professionals) have always done, with a new twist.

Security is Everybody’s Job — Part 3 — What IS DevOps?

What IS DevOps? There are many definitions of DevOps, too many, some might say. Some people say it’s “People, Processes, and Products”, and that sounds great, but I don’t know what I’m supposed to do with that. When I did waterfall I also had people, processes, and products, and that was not great. I thought

Security is Everybody’s Job — Part 2 — What is Application Security?

“Application Security is every action you take towards ensuring the software that you (or someone else) create is secure.” – Tanya Janca. This can mean a formal secure code review, hiring someone to come in and perform a penetration test, or updating your framework because you heard it has a serious security flaw. It doesn’t need

Security is Everybody’s Job — Part 1 — DevSecOps

This is the first in a many-part blog series on the topic of DevSecOps. Throughout the series we will discuss weaving security through DevOps in effective and efficient ways.

Threat Modelling Serverless

I met with my colleague Bryan Hughes the other day to discuss the security of a serverless app he’s creating for JSConf EU. We had discussed the idea of threat modelling while on a business trip together and he wanted to give it a go. Since I am particularly curious about serverless apps lately thanks to Tal Melamed having dragged me into the OWASP Serverless Top 10 Project, I was excited to have a chance to dive down this rabbit hole.

How Vue Unit Testing Works and 4 Critical Best Practices

When building a Vue.js application, unit testing is important to ensure the quality of your code and prevent regressions. Vue unit testing involves breaking your application into functions, modules, classes, and components, each of which can be tested independently. By writing unit tests for your components and running them with each build, you can catch issues early and fix them early in the development lifecycle.

Unit Testing in Javascript: DIY vs. Test Framework

Popular JavaScript unit testing frameworks include Jest, Mocha, and Jasmine. We’ll show how to run a simple unit test without a full framework, and how to test your code using Jest.

OWASP Top 10 Risks and How to Prevent Them

The Open Web Application Security Project (OWASP) is a non-profit organization that strives to improve web application security by offering research and free resources. The organization provides easily accessible materials on its website to make it possible for anyone to improve the security of their web applications. 

Unit Testing in Angular: The Basics and a Quick Tutorial

Angular is an application design framework and development platform for creating complex, high performance single page applications.

Top 7 Unit Testing Frameworks: A Quick Comparison

Unit testing is a common skill among software developers—chances are you have at least some experience writing unit tests. As you scale up your unit testing, unit testing frameworks come in useful. These frameworks, most of which are open source, can help you create large test suites and execute them automatically every time you build a new version of your software.

Unit Testing Best Practices: 9 Ways to Make Unit Tests Shine

A unit test validates and verifies individual software units (or components) to ensure each unit works as intended. A unit may be a function, procedure, method, object, or module. Unit testing occurs during the coding phase of the software development lifecycle, and can help identify coding errors, code quality issues, and security issues.

DevSecOps vs DevOps: What’s Different and How to Make the Move

DevOps involves collaboration between application development and operations teams, which work closely throughout the software development process. DevOps teams share the same goals, tools, and key performance indicators. DevOps aims to facilitate shorter development cycles, allowing for frequent releases while maintaining the software’s quality, resilience, and predictability. 

Unit Testing vs. Functional Testing: In-Depth Comparison

Unit testing helps evaluate and fix small units during the development phase. You can run unit tests automatically or manually. Ideally, you should run these tests frequently to verify your code-in-progress is working as intended.

What Are Penetration Testing and Vulnerability Assessment?

Vulnerability assessments provide organizations with detailed information about security vulnerabilities in their environment. They also offer guidelines for assessing the risks associated with these vulnerabilities. This process allows organizations to understand their assets, security vulnerabilities, and overall risk, making it less likely for attackers to compromise their systems and steal their information.

9 Critical Web Application Vulnerabilities and How to Prevent Them

A web application vulnerability is any system flaw that an attacker can exploit to compromise a web application. Web vulnerabilities differ from other common vulnerabilities like asset flaws or network vulnerabilities because web applications require the ability to communicate and interact with multiple users from different networks. The accessible nature of a web application makes it an easy target for a hacker. Continuous security testing is critical to identify security vulnerabilities and protect your organization.

What is Penetration Testing? Process, Types, and Tools

The term penetration testing (pentesting) refers to processes, tools, and services designed and implemented for the purpose of simulating attacks and data breaches, and finding security vulnerabilities. You can run a pentest for a computer system, an entire network, or a web application. 

What is DNS Attack and How To Prevent Them

DNS is a fundamental form of communication. It takes user-inputted domains and matches them with an IP address. DNS attacks use this mechanism in order to perform malicious activities. 

Security Testing: Types, Tools, and Best Practices

Security testing checks whether software is vulnerable to cyber attacks, and tests the impact of malicious or unexpected inputs on its operations. Security testing provides evidence that systems and information are safe and reliable, and that they do not accept unauthorized inputs.

4 Unit Testing Examples: Android, Angular, Node, and React

Unit tests are automated tests created by developers to verify that individual components of an application, known as units, are error-free and behave as expected. 

What Is Fuzzing (Fuzz Testing)? Everything You Need to Know

Fuzzing is the art of automatic bug detection. The goal of fuzzing is to stress the application and cause unexpected behavior, resource leaks, or crashes. 

6 Best DAST Tools You Should Know in 2024

Dynamic application security testing (DAST) tools provide automated security testing for various real-world threat scenarios. You can use DAST tools to identify security vulnerabilities in running applications, and remediate them so external threat actors cannot exploit them.

DAST vs Penetration Testing: What Is the Difference?

DAST tools go into action when an application is deployed, either in a test or staging environment or in a real production environment. They can continuously scan applications to discover new vulnerabilities or misconfigurations that are introduced over time.

3 Simple CSRF Examples: Understand CSRF Once and For All

Cross-site request forgery (CSRF) is a technique that enables attackers to impersonate a legitimate, trusted user. CSRF attacks can be used to change firewall settings, post malicious data to forums, or conduct fraudulent transactions. In many cases, affected users and website owners are unaware that an attack occurred, and become aware of it only after the damage is done and recovery is not possible.

SQL Injection Python: Attack Example and 4 Tips for Prevention

SQL injection (SQLi) involves adding malicious code to a database query to gain unauthorized access to a web application’s database. Threat actors employ SQL injection techniques to manipulate SQL code, intending to execute malicious code that can help them gain access to sensitive data or compromise the database server. 

Interactive application security testing (IAST) solutions help detect and remediate vulnerabilities in web applications, as part of an organization’s security testing toolset.

What Is API security? The Complete Guide

An Application Programming Interface (API) allows software applications to interact with each other. It is a fundamental part of modern software patterns, such as microservices architectures.

DevSecOps Best Practices – Small Changes for a Big Difference

In today’s fast paced agile world, keeping data safe should be everyone’s job, with collaborative and robust security processes in place. To ensure success, especially with multiple iterations of software being pushed into production daily, we need to have a framework in place that will bring the required people, processes and tools together. One such framework is DevSecOps.

9 Penetration Testing Types

Penetration testing (pentesting) is a cybersecurity technique used by organizations to identify and remediate security vulnerabilities. Organizations hire ethical hackers to imitate the tactics and behaviors of external attackers. This makes it possible to evaluate their potential to compromise computer systems, networks, or web applications.

What is Network Penetration Testing?

Network penetration testing is an attempt by an ethical hacker to breach an organization’s network without doing harm. The objective is to identify security weaknesses in the network and its security controls, report on them, and allow the organization to remediate them.

Web Application Security: Threats and 6 Defensive Methods

Web application security is the practice of detecting and preventing cyber attacks on websites, and more importantly—building websites that are secure to begin with. This includes a set of security controls built into web applications to protect them from a growing variety of cyber threats.

6 Web Application Security Best Practices

Security should be a crucial part of any application you are working on. In this article we are going to cover the web application security best practices you should consider when working on your next project, but before we do that, let us quickly cover why security is so important.

Penetration Testing in AWS: Can You Test Your Cloud?

Penetration testing typically involves an ethical hacker looking for network vulnerabilities that a malicious hacker could exploit. These tests provide insights into a network’s points of weakness, informing security teams on how to repair them.

SQL Injection in Oracle: Examples and Prevention

SQL injections represent one of the most prominent and dangerous attacks, a staple inclusion in the OWASP Top 10. It is a code injection technique used to exploit vulnerabilities in the application layer to retrieve or corrupt the data they hold. 

6 CSRF Protection Best Practices You Must Know

A CSRF attack can force a user to perform unwanted actions on a web application. CSRF assumes that the user is already authenticated. Attackers typically use social engineering to trick users into clicking a link that performs actions that can benefit the attacker.

Avoiding Security Incidents with a Dev-First AppSec Program

Did you miss our webinar on ‘Avoiding Security Incidents with a Dev-First AppSec Program’? Don’t worry; it’s available on-demand!

Snyk CLI Quick Guide: Installation and Common Commands

Snyk is a popular security testing platform for developers. The Snyk Command Line Interface (CLI) lets you introduce Snyk functionality into your software development workflow, to scan for security problems as part of ongoing development. You can run Snyk CLI on a local machine or as part of a continuous integration/deployment (CI/CD) pipeline. 

8 Great Snyk Alternatives

Snyk is an application security testing tool that lets you identify and remediate vulnerabilities in open source components, proprietary source code, containers, and infrastructure as code (IaC) templates. It is cloud-based and offered on a monthly subscription basis, with a limited free plan.

7 Open Source Pentesting Tools and When To Use Them

The goal of pentesting (penetration testing) is to detect security vulnerabilities by utilizing specific processes, tools and services. You can either opt-in for a manual pentest, conducted by a team of white-hat hackers, or you can use an automated approach, having a software solution perform the test. Either way, the target of a pentest can be a computer system, a network or a web application.

Deserialization in Java and How Attackers Exploit It

Serialization in Java represents a process in which an object in the Java programming language is converted into a format that can either be transferred over a network or saved to a database. Deserialization in Java represents a process opposite to that. In the process of deserialization, a serialized Java object is read from a file or network and is being converted into an object.

Penetration Testing Report: 6 Key Sections and 4 Best Practices

Penetration testing (pentesting) involves assessing the security of a system, network, or application. Although pentesters use the same techniques as malicious attackers, the process is legal, because it is performed with the consent of the tested organization. 

DevOps Testing: The Basics and 5 Best Practices

DevOps is a methodology promoting close communication and cooperation between development and operations teams. Implementing DevOps requires adopting certain tools and processes, including the deployment and maintenance of programmable infrastructure, iterative development practices, and automation.

What is Penetration Testing as a Service (PTaaS)?

Organizations are under constant threat from a wide variety of vulnerabilities. Security professionals can be slow to identify and remediate vulnerabilities in software and IT systems, creating a large window of exposure. 

5 Types of Application Security Testing You Must Know About

Application security testing (AST) is an umbrella term for methodologies that assist in finding and eliminating software vulnerabilities. The security testing process includes tests, analysis, and reports that provide insight into the security level of a software program. 

Black-Box Penetration Testing: Pros and Cons

The term black-box penetration testing (pentesting) refers to external tests aimed at identifying vulnerabilities in systems, applications, or networks. Unlike other forms of security testing, penetration testing can verify that vulnerabilities are exploitable by attackers, and show exactly how. Black-box penetration testing is also known as external penetration testing or trial and error testing. 

What Is DevSecOps? Adding Security to the SDLC

DevSecOps is a strategic approach that unites development, security, operations, and infrastructure as code (IaC) in a continuous and automated delivery cycle.

11 DevSecOps Tools That Will Help You Shift Security Left

DevSecOps is a holistic approach to security, informed by a community-driven mindset. Developers, IT operations, and security professionals use DevSecOps tools to build secure software, by embedding security standards in all parts of the DevOps pipeline. Security is now a part of all stages of development, from writing code to deployment of applications in production. 

GraphQL Testing: Components to Test and 5 Security Testing Tips

GraphQL is a query language, as well as a server-side runtime, designed for APIs. GraphQL prioritizes providing clients with only the requested data. The goal of GraphQL is to make APIs flexible, developer-friendly and fast. 

Top 6 API Security Testing Tools and How to Choose

Application Programming Interfaces (APIs) enable communication between applications and services. API misconfigurations and vulnerabilities can expose data. Threat actors exploit APIs as access points into systems and networks. 

REST API Testing: The Basics and 8 API Testing Tips

Representational State Transfer (REST) is a software architectural style that defines certain rules (constraints). For example, a REST constraint states that a web application must be able to deliver data whenever a command is given.

WS-Security: Is It Enough to Secure Your SOAP Web Services?

Web Services Security, also known as WS Security, is an extension to the SOAP specification, which specifies how to secure SOAP web services from external attacks. WS Security offers a set of API security measures that can help ensure security for SOAP-based messages, through the implementation of several principles that help achieve confidentiality, authentication and integrity.

GraphQL Security: The complete guide

GraphQL is a query language specifically designed for processing data. It’s most often used to communicate between the client and server. The biggest GraphQL advantage is that it’s very efficient in saving bandwidth as it serves the data with a single query using schemas. 

What is a Security Champion and Why You Need One

While a security culture for a successful DevOps and AppSec programme is important, to succeed, security needs to be top of mind for everyone across your pipeline. 

WebSocket Security: Top 8 Vulnerabilities and How to Solve Them

WebSockets are becoming increasingly popular, because they greatly simplify the communication between a client and a server. 

SolarWinds Vulnerability: How to Protect Your Organization

The SolarWinds attack was one of the largest nation-state supply chain attacks we have seen to date. The attack originated from SolarWinds’ Orion network management software and was likely carried out by nation-state adversaries.

SQL Injection in PHP Web Applications

When an attacker exploits a PHP application via an SQL Injection, they can gain access to the application’s database and make the application execute unauthorized injected SQL commands to control the behavior of the application. 

10 Security Acronyms Every Developer Must Know

With DevSecOps and CI/CD, security testing now sits at multiple stages of the development pipeline, especially with developer first application security tools, with conversations about security being held regularly. 

What is a CSRF Token and How Does It Work?

CSRF (Cross Site Request Forgery) tokens can be a great mechanism in preventing CSRF attacks, but what are they? How do they protect against CSRF attacks? How should they be generated? We are going to cover the answers to these and more questions in this blog post.

Microservices Security: Challenges and Best Practices

Engineers and architects are challenged by security issues that arise with microservices. If these concerns are not addressed in the SDLC, vulnerabilities will appear in production. 

Aggregating SCA, SAST and DAST Vulnerability Results

DevOps looks to combine the culture, methodologies and tooling of both the software development and operations teams, so companies can deliver new application features at a much greater velocity. 

Complete your AppSec testing Automation, with Bright

The shift to rapid, frequent deployments over the past decade left application security behind. However, in recent years security is starting to catch up. Leading companies are now integrating security testing into CI & CD, running automated tests with every commit, and fixing bugs long before they hit production.

Using FOSSA? Complete your AppSec testing automation with Bright

As security testing is increasingly shifting left, developer focused application security testing tools are bridging the gap between engineering and security.

Shopping for an AppSec testing solution? Here is what to consider

In this article we introduce three key features you have to look for when shopping for your AppSec & API testing automation tool:

Using Snyk? Complete your AppSec testing Automation, with Bright

Security is no longer a siloed team with sole ownership of security testing – security testing is increasingly shifting left. Instead of developers being brought into the fold later in the process, developer focused security testing tools are bridging the gap between engineering and security.

Penetration Testing Services: Manual or Automated?

Penetration testing (also called pentesting) is a controlled attempt to breach IT systems. Penetration testing is performed on behalf of the organization, in order to discover and remediate security weaknesses. There are two types of penetration testing services: manual and automated.

What is the most Important feature of your DAST Tool?

In today’s fast-paced software development world, with DevOps and CI/CD, the need for security testing automation has never been greater.

How often are you testing for Application vulnerabilities?

Whether you are just starting your DevOps journey, or are fine tuning your processes as you mature, with CI/CD and easy deployment of new microservices, changes to applications and APIs are carried out at breakneck speed, with multiple iterations in a day.

Size may not matter…but in DevSecOps, frequency certainly does!

With applications driving the global economy, developers are under pressure to deliver software and more features at an unprecedented scale and speed. 

Putting the Sec in DevSecOps

Last week I had the pleasure of presenting at the Pittsburgh Cybersecurity day in partnership with ISACA. It was exciting to see more than 250 cybersecurity and application security professionals interested in discussing and learning how security can be enabled in a world rapidly adopting DevOps practices.

DevSecOps Tooling Best Practices

DevOps teams have become successful in releasing code at speed, whether for web apps or APIs, but without testing automation they are releasing vulnerabilities at speed too.

Security Testing Automation for GraphQL APIs, with Bright

Bright’s ability to work with modern technology stacks and API security testing now includes full support for GraphQL APIs, enabling our customers to simplify, automate and scale their security testing even further with our solutions, as they embrace new architectures.

Top 5 ways WordPress websites get hacked

WordPress has many advantages and is not without reason the most popular way to build a website, with 60% of pages on the web based on it. Unfortunately, it is this popularity that makes WordPress a juicy target for malicious users. Every year hundreds of thousands of WordPress and ecommerce sites get hacked.

The ever-present threat of Magecart attacks

Do you know what “skimming” is? It’s a method that hackers use to gather sensitive information from online payment forms.

Why are SAST solutions not always the best option for AST?

There are many methodologies you can use to detect application vulnerabilities. One of the most common methodologies is Static Application (or Analysis) Security Testing. Before we dive into the shortcomings of SAST solutions, let’s first outline what Static Application Security Testing is.

Software vulnerability risks in the DevOps era

Time to market is everything. In today’s industry, many companies bring products to market at a break-neck pace. What does this mean for software developers? They constantly need to release new builds.

Data Breaches Due to Exposed Databases

As we wrap up our posts for 2019, we thought we would recap the “joy” of some significant breaches that happened throughout the year. May 2020 see us all secure, with no vulnerabilities exposed.

Implementing application security throughout the SDLC

Recent studies show that developers do not actively pay attention to the security of their code unless directed otherwise. Still, application security is fundamental from the early stages of app development.

Resurgence of DAST for SDLC Integration and Scan Automation

Dynamic application security testing (DAST) is one of the oldest automated application security testing techniques; it has been around since the mid-1990s. DAST solutions interact with live web applications and web services, acting like a hacker-in-a-box. It has always been popular with penetration testers and security auditors looking to save valuable time.

Cybersecurity In the Era of Industry 4.0

In the era referred to as ‘Industry 4.0’ or ‘The Fourth Industrial Revolution,’ two of the pillars of the technology field, automation and data transfer, are closely coupled with concerns regarding cybersecurity.

The Cost of a Data Breach and Latest Statistics

For the 14th year, IBM and the Ponemon Institute have released their annual “Cost of a Data Breach” report, aggregating the costs reported by 507 organizations, from 17 industries, and 16 regions. IBM and Ponemon interviewed 3,211 individuals and collected data points regarding the number of client records stolen or lost in breaches, how the organization responded to the breach, and how their business did after the breach.

How to Embrace Security Awareness Inside Your Company

As the cost of insecure applications grows more evident by the day, are we doing everything we can and should to mitigate the risk?

DevSecOps – Make smarter decisions about your application’s security

Writing secure code is becoming a greater challenge every day. Even the largest multinational companies, which attract the best developers from all around the world, face the same problem: they are suffering vulnerabilities in their code, from SQL Injection and Cross-Site Scripting to backdoors.
