Source Code Analysis- How to Remediate your Vulnerabilities

The AppSec How-To: Visualizing and Effectively Remediating Your Vulnerabilities. The biggest challenge when working with Source Code Analysis (SCA) tools is how to effectively prioritize and fix the numerous results. Developers are quickly overwhelmed trying to analyze security reports containing results that are presented independently from one another. Take, for example, WebGoat, OWASP's deliberately insecure web application used as a […]

5 Key Benefits of Source Code Analysis

Static Code Analysis: Binary vs. Source. Static Code Analysis is the technique of automatically analyzing an application's source and binary code to find security vulnerabilities. According to Gartner's 2011 Magic Quadrant for Static Application Security Testing (SAST), "SAST should be considered a mandatory requirement for all IT organizations that develop or procure applications". In fact, […]

16 Application Security Trends That You Can’t Ignore In 2016

Application Security has emerged over the years both as a market and as a technology. Some of the key drivers have been the explosion in the number of applications (web and mobile), attacks moving to the application layer, and compliance needs. Following are 16 Application Security Trends which we believe the industry will observe […]

8 Questions to ask your Application Security Testing Provider!

Choosing the right Application Security Testing service provider is not always an easy task. By asking the right questions and knowing what answers to look for, you can conduct a thorough evaluation of the various vendors available in the market and make the most intelligent choice for your business. There are numerous options, like buying tools, using cloud […]

4 Areas where Artificial Intelligence Fails in Automated Penetration Testing

Formal Modeling and Automation is one of the things I love. I try to model everything, and sometimes modeling helps and sometimes it lands me in trouble. It helped me when I tried to model Penetration Testing and worked with my co-founder to design our first version of an automated Penetration Testing Tool at iViZ. Where it […]

10 questions to ask before you start your Bug Bounty program…

Bug bounty programs are quite common these days, with several of the biggest names in the industry having launched various avatars of the program. I have been asked by a few security managers and management teams whether they should launch a bug bounty program. A bug bounty program definitely has the advantage of crowdsourcing. However, an […]

Checklist To Assess The Effectiveness Of Your Vulnerability Management Program

From our experience of helping organisations build their 'Vulnerability Management' program, we feel that one of the major challenges is that the security manager/management does not always know the reality on the ground. Obviously, management is extremely busy and has too many priorities. It is natural to get into managing whirlwinds. So, I […]

How to benchmark a web application security scanner?

There is a plethora of web application scanners, every one of which claims to be better than the others. It is indeed a challenge to differentiate between them. We need to benchmark application scanners against hard facts, not marketing claims. Below are some of the most critical metrics against which you would like to benchmark web […]

Top 10 must-read blogs for CISOs on Data Loss Prevention solution

Here is the list of my top 10 blogs on DLP solutions, which you should go through if you are in charge of creating, implementing and managing a DLP program in your organisation. 1. A business case for Data Loss Prevention: a good, short write-up giving some tips for building a business case […]

Top 7 Vendors in Cyber Threat Intelligence market at RSAC 2017

The RSA Conference is one of the leading security conferences worldwide. It creates a tremendous opportunity for vendors, users and practitioners to innovate, educate and discuss the current security landscape. A Threat Intelligence Program is a set of people, process and technology which enables you to proactively identify, collect, enrich and analyze threat information, strategic and […]