How we came about the TeamCity XSS: CVE-2019-15848 On a recent client engagement, we were challenged to gain access to their private CI server. The CI server suffered from a
Finding coding errors early in the development life cycle can save organizations both time and money, as well as make applications more secure. Catching bugs early in development saves the
Integrating open source security tools into your SDLC Change always has costs connected to it. Change needed when moving security “left” in your software development lifecycle is no exception. One
New PCI DSS Security Standards Boosts DevSecOps Earlier this year, the PCI Security Standards Council released the first major revamp of its software standards in over a decade. The new
Hidden Costs of Security Tools for Developers As security “shifts left” in the application development lifecycle, developers will be called on to work with tools to reduce flaws in their
Security should not be an afterthought to DevOps DevOps has revolutionized how new applications are brought online, but it is also challenging how security teams do their jobs. In theory,
Vulnerability scanning aims to reveal security weaknesses in an application by using automated tools to assess its code, design, and functionality. Design flaws which lead to vulnerabilities like Cross Site
While there are reasons for changing your security pentest vendor, there are a few things that should be kept in mind….
Secure code review is vital in reporting security findings, we can understand the inner workings of applications and free it of any bugs.
SAST, DAST, IAST, and RASP It’s estimated that 90 percent of security incidents result from attackers exploiting known software bugs. Needless to say, squashing those bugs in the development phase
