Insight and analysis from thought leaders in agile development and testing, DevOps, security, test automation, and more.
Before diving into WAF security, it’s important to note the difference between web servers and application servers. A web server is internet facing on the front end, while an application server is where the code resides and is not internet facing. Between the web server and app server, all the HTTPs encrypted data is decrypted […]
SCA stands for Software Composition Analysis. It’s a technique where you try to analyze the dependencies that your application includes to make sure that they don’t have any known vulnerabilities. In fact, up to 80% of the components that we include in our applications have some known vulnerability in them which can expose our applications […]
So you want an interesting and professional background when you present online? Given how increasingly prevalent online presentation is, you might want to consider the possibility of using a technique called Chroma Keying, also known as green-screen. What you’ll need: Green material – fabric or screen or poster board. Vivid and flat color works best. […]
RASP stands for Runtime Application Self Protection. Like IAST it’s agent based, so it watches your software run and tries to determine if something is attacking it. The goal of IAST is to try to determine if something’s attacking it by a certain behavior. RASP adds a layer to that by recognizing something’s attacking it […]
IAST stands for Interactive Application Security Testing. The basic idea is that you have software that watches your application running, usually in a Java or .NET world that uses what’s called the profiling API, and it watches everything that happens in your application and tries to determine if that activity is somehow attacking the software. […]
As I mentioned in my previous post, this is a challenging time for agile teams as we are transitioning to being fully remote. Many are struggling to follow the agile principles, especially those that promote co-location and face-to-face communication. But even though we now find ourselves in a situation where these principles are challenging, it […]
DAST stands for Dynamic Application Security Testing, and it’s a blackbox suite of tools that really look at web applications on the front end. DAST looks at a running application looking for potential security vulnerabilities, architectural weaknesses, SQL injection, and cross-site scripting, among other security risks in the OWASP Top Ten. How is SAST different […]
SAST stands for Static Application Security Testing. SAST look through application source code for security defects, different issues written into the source code, and how the application is actually programmed to identify vulnerabilities that then have the potential being exploited. How is SAST different from DAST? SAST typically takes less time than running DAST, and […]
In the past several weeks, the world has experienced an unprecedented amount of change, and situations continue to evolve rapidly as each day goes by. It’s safe to say that many businesses are experiencing shifts, both major and minor, as they seek ways to maintain business continuity while heeding precautionary measures. Although there lies a […]
“Failure is Feedback and Feedback is the breakfast of Champions” – fortune cookie Introduction This is the second blog in a series focused on software tools, processes and principles behind receiving feedback. In my first blog I discussed the importance of receiving feedback early and often throughout the software development lifecycle. Feedback is essential in […]
