Resource Center  >  Blog


Turning Left: How Bright Reinvented the DAST Wheel

Shifting left is the philosophy behind starting security earlier in the SDLC, by building it into every phase, starting from the project kick off meeting. In doing so, organizations can focus on what truly matters, releasing code. They can also save time, money, and their reputation!

Vulnerability Examples: Common Types and 5 Real World Examples

A vulnerability is a security weakness that cybercriminals can exploit to obtain unauthorized access to computer systems or networks. A cybercriminal exploiting a vulnerability can perform various malicious actions, such as installing malicious software (malware), running malicious code, and stealing sensitive data.

Vulnerability Management: Lifecycle, Tools, and Best Practices

Since the security landscape is highly dynamic, with many threats and attacks introduced daily, vulnerability management must become a constant process. Vulnerability management tools automate this process to ensure all of these different components of the modern IT environment are continuously configured to minimize potential threats.

Vulnerability CVE: What Are CVEs and How They Bolster Security

The Common Vulnerabilities and Exposures (CVE) is a catalog that aims to standardize the identification of known cyber threats. It provides a reference list to help security teams bolster their threat intelligence and vulnerability management efforts.

Mocha Testing: 4 Key Features and a Quick Tutorial

What is Mocha Testing Framework? Mocha.js is an open source JavaScript unit testing framework that runs in Node.js and executes tests directly in the browser. Mocha supports most assertion libraries, but is typically used in conjunction with Chai for Node.js.  Its key capabilities include: Ability to test synchronous and asynchronous code with a simple interface.

Post Mortem on Log4J

Post Mortem on Log4J

The purpose of any post mortem is to look into the past in order to find ways to prevent similar issues from happening again, and also to improve upon our responses to issues found in the future. It is not to blame others, point fingers, or punish. A proper post mortem states facts, including what went well and what did not, and issues ideas for improvements going forward.

OWASP ZAP: 8 Key Features and How to Get Started

OWASP Zed Attack Proxy (ZAP) is a free security tool actively maintained by international volunteers. It automatically identifies web application security vulnerabilities during development and testing. Experienced penetration testers can use OWASP ZAP to perform manual security testing.

Cypress Testing: The Basics and a Quick Tutorial

Cypress provides an integrated development environment (IDE) that you can load in your browser. The framework employs an event-based architecture that connects with Google Chrome’s lifecycle events. It enables Chrome to wait for Ajax requests to complete without using a timeout or polling mechanism, leading to faster and more reliable tests.