Dependency Checking Your Ruby Application

Dependency Checking Your Ruby Application Checking your application’s dependencies for known vulnerabilities is a critical, relatively low effort step you should take to secure your application, which you may have read about in another recent article: What is SCA? Compared to the wealth of tools used for dependency checking in, for example JavaScript,  there’s not […]

Read more
Database Security – A Pentester’s Notes
Padlock on a green door

One of the most prevalent issues that continue to vex application developers is weaknesses in database security that open us to exploit.  Database security is a broad subject, and I will not cover all the security issues here but want to provide context and understanding around some of the more comment vulnerabilities. In this blog, […]

Read more
Shifting Security Left: The Innovation of DevSecOps

Application security, or AppSec, is hard. For development teams, it often comes into development late in a release cycle and demands changes to the software that seem unreasonable. For the AppSec team, being introduced to a project after the application has been designed and much of the code has been written means there will be […]

Read more
Debunking 4 Myths of DevSecOps Adoption

Every day organizations incorporate DevSecOps into their software development, security, and operations practices to ensure they can build critical security controls into their agile software delivery. According to one survey, 84 percent of respondents said it’s difficult to reduce risk to their applications because they’re not able to monitor, detect, and prevent attacks at the application level. […]

Read more
X