3 Reasons You Should Be Threat Modelling Today
Let’s be straight here. I'm sure a lot of you have the sneaking suspicion that this article and threat modelling in general are as interesting as watching paint dry. It’s not as fun as a story about...
The 10 Step Application Security Test
Securing apps is a major challenge and achievement for any organization. For an app to be secure, it should not only be developed securely, but security needs to be integrated through the entire...
Why Authorisation is Still a Major Security Issue in Your Web Apps
When you look at the biggest trends in software development in the last few years, Web and Mobile apps stand out as by far the most dominant. And it's not hard to understand why. Web and cloud-based...
Your Excel Sheets Are Not Safe! Here's How to Beat CSV Injection
Here's something a lot of you might not have thought much about: security vulnerabilities in your Excel sheet. Well, not in your Excel sheet, but in how you transfer or export data onto them. Many web...
A Step by Step Guide to Integrate ZAP with Jenkins
You're probably here because you want to improve your application security while it's still in the pipeline. In a Rapid Application Development Cycle, whenever a new version or feature of the product...
3 Ways That An XXE Injection Attack Could Hit You Hard
Web / Mobile Applications, Word Processors, Web Services, and Content Management Platforms use the Extensible Markup Language (XML) format to store and transport data between the systems that are in...
Why Regression Testing is So Important for AppSec Automation
It's a fact of life that practically all the applications we use and develop today are in constant flux. Features are being added or tweaked, bugs are being fixed, and...ah, crap, that last update just...
5 Tips on How to Choose an Application Security Testing Vendor
When it comes to choosing a vendor that can effectively test your apps for security flaws, there are just so many different things to consider that it's easy to be overwhelmed. It's a crowded marketplace...
3 Ways to Exploit Misconfigured Cross-Origin Resource Sharing (CORS)
The Same-Origin Policy (SOP) restricted information sharing between applications and allowed sharing only within the domain the application was hosted on. This was a precaution to protect systems from...