Must Know Business Logic Vulnerabilities In Banking Applications

Over the last few years, our On-Demand and Hybrid Penetration Testing platform has performed security testing of applications across various verticals and domains including Banking, e-commerce, Manufacturing, Enterprise Applications, Gaming and so on. On one side, SQL Injection, XSS and CSRF vulnerabilities are still the top classes of vulnerabilities found by our automated scanning system, […]

Penetration Testing for E-commerce Applications

Over the past decade, E-Commerce applications have grown both in number and in complexity. Currently, E-Commerce applications are becoming more personalized, more mobile friendly and richer in functionality. Complicated recommendation algorithms are constantly running at the back end to make content searching as personalized as possible. Here we will learn about the […]

Source Code Analysis- How to Remediate your Vulnerabilities

The AppSec How-To: Visualizing and Effectively Remediating Your Vulnerabilities: The biggest challenge when working with Source Code Analysis (SCA) tools is how to effectively prioritize and fix the numerous results. Developers are quickly overwhelmed trying to analyze security reports containing results that are presented independently from one another. Take for example WebGoat, OWASP's deliberately insecure Web application used as a […]

5 Key Benefits of Source Code Analysis

Static Code Analysis: Binary vs. Source. Static Code Analysis is the technique of automatically analyzing the application's source and binary code to find security vulnerabilities. According to Gartner's 2011 Magic Quadrant for Static Application Security Testing (SAST), "SAST should be considered a mandatory requirement for all IT organizations that develop or procure applications". In fact, […]

16 Application Security Trends That You Can’t Ignore In 2016

Application Security has emerged over the years both as a market and as a technology. Some of the key drivers have been the explosion in the number of applications (web and mobile), attacks moving to the application layer and compliance needs. Following are 16 Application Security Trends which we believe the industry will observe […]

8 Questions to ask your Application Security Testing Provider!

Choosing the right Application Security Testing Service Provider is not always an easy task. By asking the right questions and knowing what answers to look for, you can conduct a thorough evaluation of the various vendors available in the market and make the most intelligent choice for your business. There are numerous options like buying tools, using cloud […]

4 Areas where Artificial Intelligence Fails in Automated Penetration Testing

Formal Modeling and Automation is one of the things I love. I try to model everything; sometimes modeling helps and sometimes it lands me in trouble. It helped me when I tried to model Penetration Testing and worked with my co-founder to design our first version of an automated Penetration Testing Tool at iViZ. Where it […]

10 questions to ask before you start your Bug Bounty program…

Bug bounty programs are quite common these days, with several of the biggest names in the industry having launched various avatars of the program. I have been asked by a few security managers and management teams about whether they should launch a bug bounty program. Definitely a bug bounty program has the advantage of crowdsourcing. However, an […]

Checklist To Assess The Effectiveness Of Your Vulnerability Management Program

From our experience of helping organisations build their 'Vulnerability Management' program, we feel that one of the major challenges is that the security manager/management does not always know the reality on the ground. Obviously, the management is extremely busy and has got too many priorities. It is natural to get into managing whirlwinds. So, I […]

How to benchmark a web application security scanner?

There is a plethora of web application scanners, every one of which claims to be better than the others. It is indeed a challenge to differentiate between them. We need to benchmark the application scanner against hard facts and not marketing claims. Below are some of the most critical metrics against which you would like to benchmark web […]