What We Learned At CyberTech Europe

A synopsis of our experience whilst exhibiting at the Innovation Zone at Cybertech Europe 2019 by our SVP Sales & Partnerships, Oliver Moradov.

CyberTech has historically been a great event for us, winning the CyberTech TLV 2019 competition as the most innovative and disruptive solution in Cyber – and the event in Rome was as successful, in different ways.

The event was a great opportunity for Italian Cyber, InfoSec and IT professionals to get up to speed with the latest and cutting edge CyberSec technologies, especially with those exhibiting in the Innovation Zone, as we were.

It was also a great opportunity for us to learn more about the Italian market and, more importantly, the current status of Italian enterprise and public body organisations in terms of their InfoSec and cyber security practices and posture.

Globally, it is clear that the cyber security industry is growing, fuelled by companies realising that simply being compliant will not cut it, especially in the wake of the high profile attacks and breaches of the last 12 months.

I had an absolute whirlwind of a week with my colleagues, enjoying back-to-back-to-back meetings, speaking to almost 100 people / organisations across a complete cross-section of industries and sectors, who specifically wanted to understand how they could approach developing and releasing more secure applications, faster, whilst also being able to scale the testing of their applications in production.

There were several common themes across every engagement we had, but I will use one example that highlights all the salient lessons I learnt.

The InfoSec representatives of one Public Services organisation I spoke to, who will of course remain unnamed, were completely disconnected from the development team. They were candid in their responses – they knew absolutely nothing about the security measures, in particular the AppSec testing, that their development colleagues had in place prior to release, even though they headed up InfoSec. They performed periodic (but not regular) testing that consisted mainly of manual testing done internally, but admitted they didn’t have a sizeable team with the requisite experience to cover the 950 applications they continue to manage. Over 700 of those applications are legacy ones (a common theme across the industries and sectors we spoke to), built on old frameworks and languages where current DAST tools simply do not work. When asked how much they spend on manual PT, the universal “Mamma Mia..!” explained its magnitude perfectly.

Interestingly, whilst speaking to them, another delegate approached our stand and started talking to my colleague, only for me to notice from the pass around his neck that he was from the same organisation! They had never met (which, with thousands of employees, was understandable) and, after making our introductions, we realised we had development to the left of me, InfoSec to the right, “here I am… at CyberTech with you…”

Normally this plays out over a WebEx call, but I now had the benefit of watching two departments that are intrinsic to an organisation’s security, and whose actions directly affect each other, discuss their issues face to face.

Their immature DevOps process relied solely on SAST. They were not happy with it, and the false positives it created were a major drain on their resources. They wanted to implement DAST, but after a few evaluations and PoCs they realised that the tools would slow them down and not give them the coverage they needed.

The InfoSec guys complained that too many vulnerabilities were getting through, that they were being detected too late, and that the mammoth task of effectively prioritising remediation had snowballed so much that they didn’t even know where to start..!

Sounds familiar..? They, and you, are not alone, which is why the concept of DevSecOps is gaining more and more traction, although it is still at an embryonic stage in Italy at the moment.

It’s well known that software vulnerabilities are the main cause of successful cyber attacks and data breaches, an issue that needs to be addressed immediately.

The processes companies adopt to develop software, and organisations’ dependency on these applications, have changed exponentially, resulting in greater exposure to risk.

Everyone agrees that application security is a business critical process, but it is one that historically does not complement, or indeed fit, software development methodologies like DevOps, and so is doomed to failure: failure at being used or integrated into the process at all, so as not to impact the commercial business goals.

Everyone I engaged with agreed that, in order to succeed, the gap between security and development needs to be eradicated altogether.

The interest in our innovative approach and the pain points we remove was amazing – we spoke about how easy it is to embed and to seamlessly integrate comprehensive, accurate and automated security testing into the DevOps process, regardless of the maturity of the DevOps process, or indeed if they had one yet at all.

They were able to understand that with the solutions on our AIAST platform (like Bright), which deliver simple to use, intuitive and unrivalled testing capabilities that require no cyber security experience, security testing can be put into the hands of their developers, integrated into their agile development or unit testing processes, and even enable their QA team to introduce automated AppSec security testing.

Being based in the UK, the number of Brexit jokes I had to endure over the trip was understandable, but whilst we determine whether it’s better to be in or out, unified or not, one thing is for certain: a union of DevOps and security is of paramount importance to reduce exposure, and AppSec Testing automation is the only way of effectively achieving this.
