

Analyzing the Limitations of OWASP JuiceShop as a Benchmarking Target for DAST Tools

Introduction: OWASP JuiceShop is a widely used Capture The Flag (CTF) contest application for penetration testing (PT) teams. It offers a gamified experience with logical puzzles. While it serves its intended purpose, it is not a suitable benchmarking target for Dynamic Application Security Testing (DAST). We will explain why this is the case in this post.

Exploring Maze and Lockbit Ransomware Gangs

In the previous segment of our blog series, we looked at the operations of Ryuk and Conti ransomware groups, shedding light on their tactics and impact. In this section, we turn our attention to Maze and Lockbit, two formidable players in the cyber threat landscape, exploring their collaborative dynamics, unique characteristics, and the evolving strategies that define their ransomware campaigns. 

Exploring Ryuk and Conti Ransomware Gangs

Part 1 of 2. In the dynamic landscape of cyber threats, the battle between ethical and malicious actors has escalated to unprecedented levels. The shift in motivations, from mere amusement to the pursuit of financial gains, has given rise to ransomware gangs that pose a substantial threat to diverse sectors. The implications of this transformation

Navigating the Landscape: Understanding New Regulations Around AI

In the fast-paced realm of AI, the transformative impact on various industries is undeniable. From content creation to marketing strategies, data analysis to strategic planning, AI has become an indispensable tool for businesses seeking efficiency and innovation. Surveys reveal that over half of the US workforce is already incorporating AI into their daily tasks, with

Europe Takes a Historic Leap in AI Regulation with the Landmark AI Act

On December 8, 2023, the European Union took a bold step in the realm of technology regulation by agreeing on a groundbreaking new law, called the AI Act, to regulate artificial intelligence. This move marks one of the world’s first comprehensive legislative efforts to put checks on the use of a technology that’s rapidly reshaping

Bright Security Featured in G2 Winter Report’s Dynamic Application Security Testing Category

We are thrilled to share the exciting news that Bright Security has been prominently featured in the G2 Winter Report, a testament to our commitment to delivering top-notch cybersecurity solutions. This prestigious recognition comes from G2, the world’s most extensive and trusted tech marketplace, where users explore, evaluate, and manage software solutions through genuine and

Anticipating the Future: Key Cybersecurity Trends Shaping 2024 and Beyond

The world of cybersecurity is a dynamic backdrop, where innovation and threats engage in a constant tug-of-war. With each passing day, new technologies empower organizations to bolster their defenses and productivity. Yet, on the flip side, these innovations also present fresh opportunities for malicious actors to breach security and access sensitive data. As 2023 unfolded,

NIST Weighs in on Software Supply Chain Attacks

What is a Software Supply Chain (SSC) Attack? Supply chain attacks strategically focus on infiltrating an organization by compromising the products, in this case the software, that the targeted entities depend on. In this type of cyber-assault, attackers covertly implant a backdoor within the software or its development infrastructure. Once established, this concealed entry point

The Growing Concern of Burnout in Application Security

The field of application security (AppSec), a critical component of the broader cybersecurity industry, is experiencing a surge in demand as organizations increasingly prioritize the protection of their digital assets. However, this growing demand is leading to an alarming trend: burnout among application security professionals. The rise in workload, coupled with the fast-paced and high-stress

The AI Revolution: Transforming Businesses and Application Security

Artificial intelligence (AI) has emerged as a transformative force in today’s business landscape, touching virtually every industry with its disruptive potential. At its core, AI represents a machine’s ability to execute cognitive functions typically associated with human intelligence. This technology promises not only to augment human capabilities but also to revolutionize how companies operate, improving

Unlocking Seamless Security with Bright’s DAST on the AWS Marketplace

The cybersecurity landscape is constantly evolving, and organizations must be agile enough to keep pace. In the realm of application security, Dynamic Application Security Testing (DAST) has emerged as a critical tool for identifying and remediating application and API vulnerabilities. Bright’s DAST solution, now available on the AWS Marketplace, stands out by offering developer-centric features and seamless integration. 

What Is Dora and Why Is It Critical

The Digital Operational Resilience Act (DORA) is a new regulation that was adopted by the European Union (EU)  in December 2022. The act aims to improve the digital resilience of the financial sector by requiring financial institutions to implement robust measures to prevent, detect, and respond to ICT-related disruptions and threats. The core goal is

Panel Summary: Best Practices for Tackling OWASP’s Top 10 Web Security Threats

The OWASP Top 10 is a well-known list of web application security risks that has been a prominent reference for many years. However, effectively addressing these threats within your organization can be a challenge.  Fortunately, six industry experts joined forces to tackle the OWASP Top 10. In their session, they discussed crucial topics such as

Benefits of AppSec Education and Gamification

Gamification of AppSec education allows for a fun experience and competition, creating an environment where educating and learning come naturally, without a lot of added effort and pressure.

Activities and Opportunities at RSA Conference 2023

RSA Conference is fast approaching and we want you to stay informed about everything that’s happening. As we gear up for this exciting event, we want you to be in the know about the range of activities designed to explore the fascinating world of AppSec. From 1:1 demos and giveaways to cocktail hours, we’ll be

The Reports of My Death Have Been Greatly Exaggerated: How DAST Is Reinventing Itself

DAST’s ability to provide a simple, developer- and AppSec-friendly solution that effectively detects vulnerabilities without false positives ensures its continued relevance in the cybersecurity landscape.

How ChatGPT Changes the Cybersecurity Landscape

ChatGPT is taking over the internet, and we delved into the specifics of what that means for the cybersecurity world.

Password Managers: Friends or Foes?

So, you recently decided to purchase a password manager. It is time to say goodbye to remembering an endless number of passwords or storing your passwords in unsafe locations (please, not on a post-it note on your desk!). Your passwords are safe, and you no longer need to worry about your data becoming compromised. Life

Four Ways AI Poses a Threat to Cybersecurity and How to Protect Yourself

The term “artificial intelligence” (AI) describes a machine’s capacity to carry out operations traditionally performed by intelligent entities like humans or animals. Artificial intelligence (AI) systems are capable of reasoning, problem-solving, generalization, planning, and experience-based learning. 

What is SASE, where is it going, and why does it matter?

The old paradigm of networking in company-specific data centers tied to offices is no longer viable in today’s cloud-based, IoT-heavy, distributed workforce, and as such, SASE was born.

Security Breaches: What We Learned in 2022

With global events happening all around us, it’s time to reflect on how the year before us affected the cybersecurity world.

Turning Left: How Bright Reinvented the DAST Wheel

Shifting left is the philosophy behind starting security earlier in the SDLC, by building it into every phase, starting from the project kickoff meeting. In doing so, organizations can focus on what truly matters: releasing code. They can also save time, money, and their reputation!

Safety and Preparation for Hacker Summer Camp

Formally named or not, #HackerSummerCamp can pose security risks to you and your personal devices! In this article we will detail several ways you can protect yourself and your devices from the small minority of attendees who behave unprofessionally by causing issues for others during this annual event.

Gadi Bashvitz, Bright: “companies must ensure security is part of the design of the product”

As the world gets more connected, it is no surprise that threat actors are constantly on the lookout for vulnerabilities to exploit. With vast amounts of software and applications being released every minute, experts believe that a new development approach must be taken – one where security is woven into the product from day one.

The Future is Bright

Today we are announcing an additional $20 million in funding to fuel our growth and continue to help organizations (and their software developers) secure their applications and APIs. We’re also changing our company name from NeuraLegion to Bright Security.

Welcoming Industry Veterans to Our Newly-Formed Board

I’m thrilled to announce our newly-formed industry advisory board and welcome to it two luminaries of the industry, each bringing their own unique perspective. They will be helping the team at Bright to continue delivering a cutting-edge, developer-focused application security platform to market.

Bright is now ISO 27701 Certified!

We at Bright are very proud to announce that we have been awarded the accredited certification on ISO 27701, the international standard on data privacy. This builds on the ISO 27001 certification we received a couple months ago and shows our continued commitment to meeting the highest standards of customer security and reliability.

Bright announces strategic partnership with Webomates

Webomates, the leading global provider of Testing as a Service, and Bright, which provides a modern-day DAST solution enabling organizations to drive compliance on every build, have combined their offerings to enable organizations to achieve an unparalleled level of QA automation and Security Automation (SA) in one combined platform.

Marriott experienced a data breach – Again!

The hotel giant Marriott confirmed a new data breach, this time involving the personal information of 5.2 million guests.

Microsoft Reports Two Critical 0-day Vulnerabilities

Microsoft warned billions of Windows users of two critical 0-day vulnerabilities in all currently supported versions of Microsoft Windows, both server and desktop.

My first-time RSA experience

Last week I attended my first RSA Conference in San Francisco representing Bright. I wanted to share my impressions and thoughts as a first-timer at the RSA craziness.

Bright & Bind announce strategic partnership

The partnership will focus on Bind distributing Bright’s solutions and offering services associated with these solutions.

What we learned from a very successful Black Hat Europe Conference

Last week we exhibited at Black Hat Europe, one of the industry’s flagship events, which drew more than 3,000 cybersecurity professionals.

Bright at East Coast CyberSecurity Delegation

Last week Bright was honored to be one of a select group of Cybersecurity companies invited to participate in a road show organized by the Israeli Export Institute and the Israeli economic mission to North America.

CircleCI and Bright team up to provide a superior DevSecOps process

CircleCI, a leader in cloud-native Continuous Integration according to Forrester, and Bright, the maker of the world’s first AI-powered Application Security Testing Tool (AIAST®), partner to make the process of delivering secure applications faster and easier than ever.

Bright Welcomes new VP of R&D, Sijawusz Pur Rahnama

Bright is proud to announce and welcome the company’s new VP of R&D, Sijawusz Pur Rahnama.

What We Learned At CyberTech Europe

CyberTech has historically been a great event for us, winning the CyberTech TLV 2019 competition as the most innovative and disruptive solution in Cyber – and the event in Rome was as successful, in different ways.
