Introduction to SQL Injection Mitigation

What is SQL Injection? The popularity of Structured Query Language (SQL) injection attacks has grown significantly over the years, and employing relevant mitigation practices will help keep your application from being added to a growing list of insecure applications implicated in significant data breaches. Despite its release nearly 30 years ago, SQL injection has been responsible…


Choosing a Vulnerability Scanner

Vulnerability scanning aims to reveal security weaknesses in an application by using automated tools to assess its code, design, and functionality. Scanners look for design flaws that lead to vulnerabilities such as Cross Site Scripting (XSS), SQL Injection, path disclosure, and other vulnerabilities found in the OWASP Top 10. The Vulnerability Landscape: Understanding what vulnerabilities exist and identifying those…


Secure Scrum – Integrating Security with Agile

Successfully implementing strong application security is one of the most challenging non-functional tasks Scrum teams face. Traditional application security practices, which carefully integrate security throughout the Software Development Lifecycle (SDLC), are often at odds with Scrum methodology, which favors responsive development cycles that quickly produce working code. To unite the strengths offered by Scrum with the…


Secure Application Configuration Basics

In June of 2016 it was revealed that a database maintained by a large data brokerage company was hacked, exposing 154 million US voter records; personal details such as gun ownership, positions on gay marriage, and email addresses were retrieved. Database misconfiguration was the cause: the CouchDB database that stored the information was not configured…
