Application Security

types of Application Security Testing Technologies

Checklist: How to choose between different types of Application Security Testing Technologies?

This blog will provide the pros and cons of different types of Application Security Testing Technologies, and checklist to chose among them. Static Application Security Testing (SAST) SAST or Static Application Security Testing is the process of testing the source code, binary or byte code of an application. In SAST you do not need a running system.   Pros… Read More »Checklist: How to choose between different types of Application Security Testing Technologies?

CISO Viewpoint: Safe Penetration Testing

Safe Penetration Testing – 3 Myths and the Facts behind them Penetration testing vendors will often make promises and assurances that they can test your Web Applications safely and comprehensively in your production environment. So when performing Penetration Testing of a Web Application that is hosted in a Production Environment you need to consider the following myths and facts… Read More »CISO Viewpoint: Safe Penetration Testing

SAST vs. DAST: How should you choose ?

This blog will provide information about SAST or Static Application Security Testing and DAST or Dynamic Application Security Testing. And also answer the common question of SAST vs DAST. What is SAST? SAST or Static Application Security Testing is the process of testing the source code, binary or byte code of an application. In SAST you do not need a… Read More »SAST vs. DAST: How should you choose ?

How to choose your Security / Penetration Testing Vendor?

A common question is why should we get a third party penetration testing company? Why not choose a team from your current technical group to handle the network security test? For one, security audits like traditional financial audits are better done by outside companies with no bias and partiality to anyone or anything within your organization.… Read More »How to choose your Security / Penetration Testing Vendor?

Top 5 Application Security Technology Trends

Following are the top 5 Application Security Technology Trends: 1.    Run Time Application Security Protection (RASP) Today applications mostly rely on external protection like IPS (Intrusion Prevention Systems), WAF (Web Application Firewall)etc and there is a great scope for a lot of these security features being built into the application so that it can protect itself… Read More »Top 5 Application Security Technology Trends

Must Know Business Logic Vulnerabilities In Banking Applications

Over the last few years, our On-Demand and Hybrid Penetration Testing platform has performed security testing of applications across various verticals and domains including Banking, e-commerce, Manufacturing, Enterprise Applications, Gaming and so on. On one side, SQL Injection, XSS and CSRF vulnerabilities are still the top classes of vulnerabilities found by our automated scanning system,… Read More »Must Know Business Logic Vulnerabilities In Banking Applications

Penetration Testing for E-commerce Applications

Over the past decade, E-Commerce applications have grown both in terms of numbers and complexity. Currently, E-Commerce application are going forward becoming more personalized, more mobile friendly and rich in functionality. Complicated recommendation algorithms are constantly running at the back end to make content searching as personalized as possible. Here we will learn about the… Read More »Penetration Testing for E-commerce Applications

Source Code Analysis- How to Remediate your Vulnerabilities

The AppSec How -To:Visualizing and Effectively Remediating Your Vulnerabilities: The biggest challenge when working with Source Code Analysis (SCA) tools is how to effectively prioritize and fix the numerous results. Developers are quickly overwhelmed trying to analyze security reports containing results that are presented independently from one another.   Take for example, WebGoat – OWASP’s deliberately insecure Web application used as a… Read More »Source Code Analysis- How to Remediate your Vulnerabilities

5 Key Benefits of Source Code Analysis

Static Code Analysis: Binary vs. Source Static Code Analysis is the technique of automatically analyzing the application’s source and binary code to find security vulnerabilities. According to Gartner’s 2011 Magic Quadrant for Static Application Security Testing (SAST), “SAST should be considered a mandatory requirement for all IT organizations that develop or procure application”. In fact,… Read More »5 Key Benefits of Source Code Analysis