APPLICATION SECURITY KNOWLEDGE BASE

The following is an extensive library of topical guides that are helpful and informative resources on a range of topics relating to application security.

.NET SQL injection

.NET SQL injection remains a critical risk. SQL injection in .NET continues to be one of the most prevalent threats to websites and applications. A .NET SQL injection is a security weakness in a .NET…

Agile SDLC

Adding security to the agile SDLC While an agile software development lifecycle (agile SDLC) can dramatically increase the pace of development, many development teams have difficulty balancing the…

Agile Security

Agile security is a must for software development While software development teams have often seen a conflict between Agile methods and secure development, agile security is the only way to ensure…

Agile Software Development Lifecycle

What is Agile? The Agile Manifesto formally introduced the idea of Agile Software Development in 2001. Agile is a collection of software development methods used by groups of developers to quickly…

Android Hacking

Introduction to Android Hacking - Hacking Applications, Hacking Tools and Resources, and How to Secure Your Android Device from Getting Hacked Since its inception in September 2008, the Android…

Android Security: Guide to Android OS

Introduction to the Android Operating System and Android Security Features (including Android Application Security) Android is a Linux kernel mobile platform. Android runs on a wide range of devices…

App Security Testing

Integrate app security testing into your entire SDLC. Web applications have become the primary vector for attacks, making app security testing critical to protecting the enterprise. With superior…

Application Control Audit

Secure your software with an application control audit. An application control audit is designed to ensure that an application’s transactions and the data it outputs are secure, accurate and valid.…

Application protection

Achieve application protection with cloud-based testing tools. It’s no wonder that application protection is a top priority for many organizations – software applications are the most-attacked part…

Application Security Assessment

Common misconceptions about application security assessments For enterprises developing software, an application security assessment is essential to producing software that is free of flaws and…

Application Security Best Practices

What are application security best practices? Web applications are the number one attack vector for data breaches, yet the majority of organizations fail to adopt application security best practices…

Application Security Risk

The application security risk of third-party software. Managing application security risk has become increasingly complex as more enterprises rely on third-party applications when deploying or…

Application Security Tools: Securing Web Apps

Deliver safer software with better application security tools The right application security tools can help development teams build safer software faster. Developers are always managing a balancing…

Application Security Vulnerability: Code Flaws, Insecure Code

Understanding Application Vulnerabilities What is an Application Vulnerability? An application vulnerability is a system flaw or weakness in an application that could be exploited to compromise the…

Application Testing Tools for Web App Analysis

Protect your software, use an application testing tool Application analysis is an important part of securing your enterprise. By identifying vulnerability in software before it is deployed or…

ARP Spoofing

What Is ARP Spoofing? ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of…

Attacks

Application Attack Types The following is an extensive library of security solutions articles and guides that are meant to be helpful and informative resources on a range of security solutions topics…

Automated penetration testing tools

Increase application security with automated penetration testing tools. Automated penetration testing tools can be an invaluable part of your web application security toolkit. Web applications have…

Automated Web Testing

Application Security Testing Improve application security with automated web testing. Automated web testing tools are a critical priority for development teams that need to increase application…

Black Box Analysis

Black box analysis is essential to application security Dynamic Analysis Security Testing (DAST), also known as black box analysis, is a critical tool for securing web applications. Designed to find…

Black Box Testing

Improve application security with black box testing Black box testing, also known as Dynamic Analysis security testing (DAST test), is an essential tool for achieving application security. Black box…

Blackbox Test

Improve Application Security with a Blackbox Testing Tool A blackbox test, also called a dynamic analysis security test (DAST test), is an invaluable part of any application security toolbox.…

Blackbox Testing Techniques

The Pros and Cons of blackbox testing techniques. Blackbox testing techniques – also known as dynamic analysis – are a crucial component of a comprehensive application security testing protocol.…

Cloud-based Security

Cloud-based security platforms improve control over third-party software. When working with third-party software, a cloud-based security platform can help your development team ensure that code you’…

Code Review Tools

Speed development with automated code review tools As development teams work to integrate security into the software development lifecycle (SDLC), the right code review tools can help to find…

Code Security Analysis

Code security analysis is a must for competitive enterprises Security is a major aspect of business competitiveness today. An attack on the enterprise can reduce productivity, tie up resources, harm…

Common Web Application Vulnerabilities

The following is an extensive library of security solutions, articles and guides that are meant to be helpful and informative resources on a range of Web vulnerability types, including, but not…

Computer Worm

What is a computer worm? Computer worms are among the most common types of malware. They spread over computer networks by exploiting operating system vulnerabilities. Worms typically cause harm to…

Container Security

How to secure software containers Adoption of software containers has risen dramatically as more organizations realize the benefits of this virtualized technology. Software containers are lightweight…

Credentials Management Flaws Information, Tutorial, and Cheat Sheet

What is a credentials management attack? What is the best way to handle passwords in Java, PHP, and other languages? How do you prevent credentials management flaws? How do you remediate credentials…

CRLF Injection Tutorial: Learn About CRLF Injection Vulnerabilities and Prevention

CRLF Injection Defined CRLF refers to the special character elements "Carriage Return" and "Line Feed." These elements are embedded in HTTP headers and other software code to signify an End of Line (…

Cross Site Scripting Prevention

Cross site scripting prevention requires strong application security. Solutions for cross site scripting prevention are on the rise as cross site scripting (XSS) attacks continue to plague…

Cross site scripting vulnerability

The danger of a cross site scripting vulnerability. As the number of cross site scripting attacks, or XSS attacks, continues to rise, organizations must find effective solutions to identify and fix a…

Cross-Site Request Forgery Guide: Learn All About CSRF Attacks and CSRF Protection

Cross-Site Request Forgery (CSRF) is an attack outlined in the OWASP Top 10 whereby a malicious website will send a request to a web application that a user is already authenticated against from a…

Cross-Site Scripting (XSS) Tutorial: Learn About XSS Vulnerabilities, Injections and How to Prevent Attacks

XSS - What Is Cross-Site Scripting? Cross-Site Scripting (also known as XSS) is one of the most common application-layer web attacks. XSS vulnerabilities target scripts embedded in a page that are…

CSRF Token

Prevent a Cross-Site Request Forgery with a CSRF token. While Cross-Site Request Forgery (CSRF) continues to be a common attack on applications, organizations can easily prevent it with a CSRF token…
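Added worked example for the CSRF and CSRF token entries above. It is not code from the knowledge base; it assumes a server-side secret held in configuration (generated inline here), a session identifier taken from the session cookie, and a constructed form submission. The token is bound to the session with an HMAC and compared in constant time, so a cross-site page that can make the browser send the cookie still cannot supply a valid token.

```python
import hashlib
import hmac
import secrets

# Assumed: a server-side secret loaded from configuration; generated here for the demo.
SERVER_SECRET = secrets.token_bytes(32)


def issue_csrf_token(session_id: str, key: bytes = SERVER_SECRET) -> str:
    """Return a token bound to the caller's session via an HMAC over a fresh nonce."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(key, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id: str, token: str, key: bytes = SERVER_SECRET) -> bool:
    """Recompute the HMAC for this session and compare in constant time."""
    if not token or "." not in token:
        return False
    nonce, presented_mac = token.split(".", 1)
    expected = hmac.new(key, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(presented_mac, expected)


def handle_transfer(session_id: str, form: dict) -> str:
    """State-changing handler: the session cookie alone is not enough, the token must match."""
    if not verify_csrf_token(session_id, form.get("csrf_token", "")):
        return "403 rejected: missing or invalid CSRF token"
    return f"200 transferred {form['amount']} to {form['to']}"


if __name__ == "__main__":
    session = "sess-victim"  # constructed session identifier
    token = issue_csrf_token(session)
    # Legitimate form rendered by the site carries the token; a forged cross-site form cannot.
    print(handle_transfer(session, {"to": "mallory", "amount": "1000", "csrf_token": token}))
    print(handle_transfer(session, {"to": "mallory", "amount": "1000"}))
```

Pair the token with a SameSite cookie attribute where the deployment allows it; the token check is the control that works regardless of browser support.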

CWE

Eliminate top CWE errors with Veracode. The Common Weakness Enumeration (CWE) is a list of weaknesses in software that can lead to security issues. While the CWE list is long, it is also prioritized…

CWE 117: Improper Output Sanitization for Logs

Flaw CWE 117: Improper Output Sanitization for Logs is a logging-specific example of CRLF Injection. It occurs when a user maliciously or accidentally inserts line-ending characters (CR [Carriage…
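Added worked example for the CRLF Injection and CWE 117 entries above. It is not code from the knowledge base; the forged username is constructed for the demo. Written unsanitized, the one field produces two log records, the second of which claims a successful admin login; escaping CR, LF and other control characters keeps it on one line.

```python
# Constructed attacker input: a username carrying CR/LF to forge a second log record.
FORGED_USERNAME = "alice\r\n2024-01-01 00:00:00 INFO login succeeded user=admin"


def neutralize_log_input(value: str) -> str:
    """Escape CR, LF and other control characters so one field cannot become a new record."""
    escaped = []
    for ch in value:
        if ch == "\r":
            escaped.append("\\r")
        elif ch == "\n":
            escaped.append("\\n")
        elif ord(ch) < 0x20 or ch == "\x7f":
            # Covers terminal escape sequences (ESC) and other control bytes too.
            escaped.append(f"\\x{ord(ch):02x}")
        else:
            escaped.append(ch)
    return "".join(escaped)


def format_login_failure(username: str, sanitize: bool) -> str:
    """Build the log line for a failed login; sanitize=False is the vulnerable pattern."""
    field = neutralize_log_input(username) if sanitize else username
    return f"2024-01-01 00:00:00 WARN login failed user={field}"


def count_records(log_text: str) -> int:
    """How many records a line-oriented log parser would see."""
    return len(log_text.splitlines())


if __name__ == "__main__":
    print(format_login_failure(FORGED_USERNAME, sanitize=False))
    print(format_login_failure(FORGED_USERNAME, sanitize=True))
```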

CWE 209: Information Exposure Through an Error Message

Flaw CWE 209: Information Exposure Through an Error Message is a security weakness where an application or system reveals sensitive information to end users (and therefore, to attackers) in error…

CWE 601: Open Redirects

Flaw CWE 601: Open Redirects are security weaknesses that allow attackers to use your site to redirect users to malicious sites. Because your trusted domain is in the link, this can damage your…

CWE 601: Open Redirects

Flaw CWE 601: Open Redirects are security weaknesses that allow attackers to use your site to redirect users to malicious sites. Because your trusted domain is in the link, your organization’s…
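Added worked example for the CWE 601 open redirect entries above. It is not code from the knowledge base; the allowed host set is an assumption standing in for the application's own domain. The check accepts either a same-site absolute URL or a single-slash relative path, and rejects the scheme-relative, backslash, userinfo and look-alike-subdomain variants that simple prefix checks miss.

```python
from urllib.parse import urlsplit

# Assumed: the hosts this application is allowed to send users to.
ALLOWED_HOSTS = {"example.com"}


def safe_redirect_target(next_url: str, default: str = "/") -> str:
    """Return next_url only if it stays on this site; otherwise fall back to default."""
    if not next_url:
        return default
    # Browsers treat "/\evil.com" like "//evil.com", so normalise before parsing.
    candidate = next_url.replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        # Absolute URL: scheme must be web, and the host must be one of ours.
        # .hostname drops any "user@" prefix, which defeats "http://example.com@evil.com".
        if parts.scheme in ("http", "https") and parts.hostname in ALLOWED_HOSTS:
            return candidate
        return default
    # Relative target: only a single-slash absolute path is accepted.
    # "//host" and "///host" are both resolved as scheme-relative by browsers.
    if candidate.startswith("/") and not candidate.startswith("//"):
        return candidate
    return default


if __name__ == "__main__":
    for target in ("/account", "//evil.com/phish", "https://example.com.evil.com/", "/\\evil.com"):
        print(f"{target!r:32} -> {safe_redirect_target(target)!r}")
```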

CWE 639: Insecure Direct Object Reference

Flaw CWE 639: Insecure Direct Object Reference is an access control problem that allows an attacker to view data by manipulating an identifier (for example, a document or account number). Direct…

CWE 73: External Control of File Name or Path

Flaw CWE 73: External Control of File Name or Path is a type of security flaw in which users can access resources from restricted locations on a file system. It is commonly called Path Traversal. If…

CWE 73: External Control of File Name or Path

Flaw CWE 73: External Control of File Name or Path is a type of security flaw in which users can access resources from restricted locations on a file system. It is commonly called path traversal.…

CWE 78: OS Command Injection

Flaw CWE 78: OS Command Injection flaws occur if your application executes a native command when the name of, path of, or arguments to the command contain untrusted data (such as input from a web…

CWE 78: OS Command Injection

Flaw CWE 78: OS Command Injection flaws occur if your application executes a native command when the name of, path of, or arguments to the command contain untrusted data (for example input from a…

CWE 80: Cross-Site Scripting

Flaw CWE 80: Cross-Site Scripting (XSS) is a flaw that permits malicious users to execute unauthorized browser scripts in your users' browser. In an XSS attack, attackers identify or discover…

CWE 89: SQL Injection

Flaw CWE 89: SQL Injection flaws occur when you create a SQL statement by building a String that includes untrusted data, such as input from a web form, cookie, or URL query-string. For example…

CWE 89: SQL Injection

Flaw CWE 89: SQL Injection flaws occur when you create a SQL statement by building a string that includes untrusted data, such as input from a web form, cookie, or URL query-string. For example…

CWE 915: Improperly Controlled Modification of Dynamically-Determined Object Attributes

Flaw CWE 915: Improperly Controlled Modification of Dynamically-Determined Object Attributes, also known as overpost or mass-assignment, is a flaw in which an application accepts input data and does…
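Added worked example for the CWE 915 entry above. It is not code from the knowledge base; the profile model, the bindable-field allowlist and the tampered form are all constructed for the demo. The vulnerable binder copies any submitted key that matches an attribute, so a client that adds is_admin to a profile update grants itself the flag; the allowlisted binder changes only the fields the endpoint is meant to expose and rejects the rest.

```python
from dataclasses import dataclass, fields

# Allowlist: the only attributes a self-service profile update may change (assumed policy).
BINDABLE_FIELDS = frozenset({"display_name", "email"})


@dataclass
class UserProfile:
    username: str
    email: str
    display_name: str = ""
    is_admin: bool = False  # must never be settable from a request body


def bind_vulnerable(profile: UserProfile, form: dict) -> UserProfile:
    """Binds every submitted key that matches an attribute: the overpost/mass-assignment flaw."""
    known = {f.name for f in fields(profile)}
    for key, value in form.items():
        if key in known:
            setattr(profile, key, value)
    return profile


def bind_allowlisted(profile: UserProfile, form: dict) -> UserProfile:
    """Binds only allowlisted keys and rejects the request when any other key is present."""
    extra = set(form) - BINDABLE_FIELDS
    if extra:
        # Rejecting (rather than silently dropping) makes tampering visible in logs.
        raise ValueError(f"fields not bindable: {sorted(extra)}")
    for key in BINDABLE_FIELDS & set(form):
        setattr(profile, key, form[key])
    return profile


# Constructed request body: a normal update with the privileged field appended.
TAMPERED_FORM = {"email": "alice@example.com", "is_admin": True}


if __name__ == "__main__":
    print(bind_vulnerable(UserProfile("alice", "old@example.com"), dict(TAMPERED_FORM)))
    try:
        bind_allowlisted(UserProfile("alice", "old@example.com"), dict(TAMPERED_FORM))
    except ValueError as err:
        print("rejected:", err)
```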

DAST Assessment

Increase application security with a DAST assessment. A dynamic analysis security testing assessment, or DAST assessment, is a crucial part of any web application security testing program. In a DAST…

DAST Test

Benefits of a DAST test for application security A dynamic analysis security testing tool, or a DAST test, is an application security solution that can help to find certain vulnerabilities in web…

Data Breach

Data Breach Survival Guide The Cost of a Data Security Breach As the number of internet-connected devices skyrockets into the billions, a data breach prevention strategy is an increasingly important…

Data Loss Prevention Guide: Learn Data Loss Tips

Guide to Data Loss Prevention, Data Loss and Data Leakage Why Is Data Loss Prevention Important? According to a Gartner CISO survey, data loss prevention (DLP) is a top priority for CISOs. Data loss…

Data Security

Ultimate Data Security Guide Protecting Your Data Security and Data Privacy The first step in protecting your enterprise's data privacy and security is to identify the types of information you want…

DevOps Testing

Cloud-based tools can speed DevOps testing As DevOps transforms the software development process, development teams everywhere are searching for powerful DevOps testing tools that provide the speed…

DevSecOps

DevSecOps requires powerful testing tools DevSecOps, or secure devops, is the mindset in software development that everyone is responsible for app security. By integrating developers with IT…

Directory Traversal

What Is Directory Traversal? Directory traversal is a type of HTTP exploit that is used by attackers to gain unauthorized access to restricted directories and files. Directory traversal, also known…
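Added worked example for the Directory Traversal entry above and the CWE 73 entries earlier in the list. It is not code from the knowledge base; the document root is a temporary directory constructed for the demo. The check resolves the requested path (collapsing ".." and following symlinks) and then requires the result to still lie under the root; an absolute path such as /etc/passwd is caught because os.path.join discards the root when the user path is absolute. Any URL decoding belongs in the web layer before this function is called, and should happen exactly once.

```python
import os
import tempfile


def resolve_under_root(root: str, user_path: str) -> str:
    """Resolve user_path inside root; raise PermissionError if the result escapes root."""
    root_real = os.path.realpath(root)
    # realpath collapses ".." and follows symlinks, so a link pointing outside is caught too.
    candidate = os.path.realpath(os.path.join(root_real, user_path))
    try:
        inside = os.path.commonpath([root_real, candidate]) == root_real
    except ValueError:  # different drives on Windows: cannot be inside
        inside = False
    if not inside:
        raise PermissionError(f"path escapes document root: {user_path!r}")
    return candidate


def is_rejected(root: str, user_path: str) -> bool:
    """True when the traversal check refuses user_path."""
    try:
        resolve_under_root(root, user_path)
    except PermissionError:
        return True
    return False


def make_demo_root() -> str:
    """Constructed document root with one legitimate file for the demo."""
    root = tempfile.mkdtemp(prefix="docroot-")
    with open(os.path.join(root, "report.txt"), "w", encoding="utf-8") as fh:
        fh.write("quarterly report\n")
    return root


if __name__ == "__main__":
    root = make_demo_root()
    for requested in ("report.txt", "sub/../report.txt", "../../../../etc/passwd", "/etc/passwd"):
        print(f"{requested!r:28} rejected={is_rejected(root, requested)}")
```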

Encapsulation Vulnerabilities

What Is an Encapsulation Vulnerability? Encapsulation refers to a programming approach that revolves around data and functions contained, or encapsulated, within a set of operating instructions.…

Error Handling Flaws - Information and How to Fix Tutorial

What Is Improper Error Handling? It’s not unusual for web applications or databases to generate error messages. In fact, they’re a normal part of operations, and they provide valuable insights into…

Ethical Hacking

Guide to Ethical Hacking: Tools and Free Tutorial on Ethical Hacking What Is Ethical Hacking? Computer hacking is a practice with many nuances. Intent, whether benign or malicious, is often in the…

Facebook Security Guide: Application Security Issues, Settings, Tips

Facebook Application Security: Learn About Potential Issues and Breaches, Get Tips for Improving Facebook Security Since its launch in 2004, Facebook has become the world’s leading social networking…

Failure to Restrict URL Access

Background on the OWASP Top 10 and Failure to Restrict URL Access Failure to Restrict URL Access is one of the common vulnerabilities listed on the Open Web Application Security Project’s (OWASP) Top…

Gray Box Testing

Application security through gray box testing In application security testing, gray box testing (or grey box testing) is a combination of white box testing and black box testing, and can be an…

Insecure Cryptographic Storage

Insecure Cryptographic Storage Defined Insecure Cryptographic Storage is a common vulnerability that occurs when sensitive data is not stored securely. Insecure Cryptographic Storage isn’t a single…

Insufficient Transport Layer Protection

Insufficient Transport Layer Protection Tutorial: Learn About Insufficient Transport Layer Protection Vulnerabilities and Prevention Insufficient Transport Layer Protection Defined Insufficient…

iOS Security Guide: Data Protection Tips

iOS Security Overview According to Apple’s iOS Security Guide, iOS security can be viewed in four layers: system architecture encryption and data protection network security device access iOS System…

JavaScript Security

What Is JavaScript? JavaScript is a high-level, interpreted programming language that has been widely used since its release in 1995. JavaScript is currently the world’s 11th most popular programming…

Keylogger

Keyloggers: Detectors, PC Monitors, Keylogger Software, What Is a Keylogger What Is a Keylogger? Keyloggers or keystroke loggers are software programs or hardware devices that track the activities (…

LDAP injection

The danger of an LDAP injection LDAP injection is a type of attack on a web application where hackers place code in a user input field in an attempt to gain unauthorized access or information. Like…

Linux Hacking

Learn about Linux Hacking Tools, How to Stop Hackers Background on Linux Linux is an open source operating system for computers. Linux is a Unix-like operating system, meaning that it supports…

Malicious Code

What Is Malicious Code? Malicious code is the term used to describe any code in any part of a software system or script that is intended to cause undesired effects, security breaches or damage to a…

Man in the Middle (MITM) Attack

Man-in-the-Middle Tutorial: Learn About Man-in-the-Middle Attacks, Vulnerabilities and How to Prevent MITM Attacks What Is a Man-in-the-Middle Attack? A man-in-the-middle attack is a type of…

Microservices

The challenge of making microservices secure. Microservices represent a decentralized approach to software development, where larger applications are broken down into smaller components, or…

Mobile app security testing

Resolve vulnerabilities with mobile app security testing. With the rise of mobile Internet usage, mobile app security testing has become a critical part of protecting users and organizations from…

Mobile App Testing

Secure mobile applications with superior mobile app testing. As you work to ensure the security of your mobile applications, the right mobile app testing solutions can help reduce cost and speed…

Mobile Code Security

Improve the Security of Your Mobile Applications Mobile App and Mobile Code Security Risks There are two main categories of mobile code security risks: (1) malicious functionality and (2)…

Network security tools

Add application testing to your network security tools. As companies strive to protect their computer systems, data and people from cyber attack, many have invested heavily in network security tools…

NIST Compliance

Addressing NIST Special Publications 800-37 and 800-53 The National Institute of Standards & Technology (NIST), a non-regulatory agency of the U.S. Dept. of Commerce, is a measurement standards…

Open Source Vulnerabilities

Open source vulnerabilities create serious risks. While open source software offers many benefits to enterprises and development teams, open source vulnerabilities pose significant risks to…

OS Command Injection Primer: How They Work and How to Prevent Attacks

What is OS Command Injection? Command injection refers to a class of critical application vulnerabilities involving dynamically generated content. Attackers execute arbitrary commands on a host…
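Added worked example for the OS Command Injection entry above and the CWE 78 entries earlier in the list. It is not code from the knowledge base; the attacker input is constructed, and echo stands in for whatever native command the application wraps. The vulnerable version hands a formatted string to a shell, so the ";" starts a second command; the safe version passes an argv list with no shell, and a shape allowlist keeps the argument from being read as an option.

```python
import re
import subprocess

# Constructed attacker input: a second command appended with a shell metacharacter.
INJECTION = "host1; echo INJECTED"

# Assumed allowlist for a hostname argument; the leading "-" is refused so it cannot be an option.
HOSTNAME_RE = re.compile(r"^(?!-)[A-Za-z0-9.-]{1,253}$")


def run_shell_string(user_input: str) -> str:
    """Vulnerable pattern (CWE 78): untrusted text spliced into a shell command line."""
    result = subprocess.run(f"echo {user_input}", shell=True, capture_output=True, text=True)
    return result.stdout


def run_argv(user_input: str) -> str:
    """Safe pattern: no shell; the value is one argv element whatever characters it holds."""
    result = subprocess.run(["echo", user_input], capture_output=True, text=True)
    return result.stdout


def is_valid_hostname(value: str) -> bool:
    """Allowlist the argument's shape as well; argv alone does not stop "-n"-style options."""
    return HOSTNAME_RE.match(value) is not None


if __name__ == "__main__":
    print("shell string:", repr(run_shell_string(INJECTION)))
    print("argv list:   ", repr(run_argv(INJECTION)))
    print("validated:   ", is_valid_hostname("db-01.example.com"), is_valid_hostname(INJECTION))
```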

OWASP security

Address OWASP security risks with Veracode. When you want to identify and remediate the Top Ten OWASP security threats, Veracode’s cloud-based services can help. The Open Web Application Security…

OWASP Testing Tools

Enterprise application testing OWASP testing tools help remediate the biggest security threats. As you seek to focus your efforts at improving application security, acquiring OWASP testing tools is a…

OWASP Top 10 Vulnerabilities

What is OWASP and the OWASP Top 10? The Open Web Application Security Project (OWASP) is a non-profit organization dedicated to providing unbiased, practical information about application security.…

Password Hacking

How to Defend against Password Hacking Any way you look at it: your secret passwords are under attack. Computer hackers love to successfully defeat cryptography systems. Cybercriminals enjoy getting…

PCI security

Veracode testing tools enable PCI security compliance. For software development organizations, complying with Payment Card Industry Data Security Standard 3.0 (PCI 3.0) requires an investment in…

Penetration Testing

What Is Penetration Testing? Penetration Testing Defined There is a considerable amount of confusion in the industry regarding the differences between vulnerability scanning and penetration testing,…

PHP SQL injection test

Protect your applications with a PHP SQL injection test. While SQL injection continues to be a major threat to PHP applications, organizations can easily prevent these potentially devastating attacks…

Preventing XSS

Preventing XSS with a cloud-based testing solution While cross-site scripting (XSS) attacks continue to threaten enterprise security, preventing XSS attacks is simple – when you have the right tools…

Race Condition

What Is a Race Condition Vulnerability? A race condition attack happens when a computing system that’s designed to handle tasks in a specific sequence is forced to perform two or more operations…

Reflected XSS

The key to preventing a reflected XSS attack A reflected XSS attack is a kind of cross-site scripting attack, where malicious script is injected into websites that are trusted or otherwise benign.…
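Added worked example for the Reflected XSS entry above and the XSS and CWE 80 entries earlier in the list. It is not code from the knowledge base; the two payloads are constructed, and the page fragment is a stand-in for a search results template. The point it adds to the teaser text is that encoding is per context: HTML entity encoding for element text and attribute values, percent-encoding for the value placed inside a URL.

```python
import html
from urllib.parse import quote

# Constructed reflected inputs: one for element content, one aimed at breaking out of an attribute.
SCRIPT_PAYLOAD = "<script>alert(document.cookie)</script>"
ATTRIBUTE_PAYLOAD = '" onmouseover="alert(1)'


def render_vulnerable(search_term: str) -> str:
    """Reflects the query parameter into the page as-is (CWE 80)."""
    return f'<p>Results for {search_term}</p><a href="/search?q={search_term}">again</a>'


def render_encoded(search_term: str) -> str:
    """Encodes per context: entities for text and attribute values, percent-encoding for the URL."""
    text = html.escape(search_term, quote=True)   # escapes & < > " '
    url = quote(search_term, safe="")             # percent-encodes everything but unreserved chars
    return f'<p>Results for {text}</p><a href="/search?q={url}">again</a>'


if __name__ == "__main__":
    for payload in (SCRIPT_PAYLOAD, ATTRIBUTE_PAYLOAD):
        print(render_vulnerable(payload))
        print(render_encoded(payload))
```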

Role based access controls

Improve security with role-based access controls. Role-based access controls are a method for restricting access to a network based on a user’s role within the organization. As threats to the network…

Rootkit: What is a Rootkit?

Rootkit: What Is a Rootkit, Scanners, Detection and Removal Software What Is a Rootkit? A rootkit is a clandestine computer program designed to provide continued privileged access to a computer while…

Ruby on Rails Security

Ruby on Rails Secure Development Guidelines What Is Ruby? Ruby is an object-oriented programming language. Ruby was first developed in the mid-1990s by Yukihiro "Matz" Matsumoto. Ruby supports…

SaaS Application Monitoring

Find vulnerabilities in web apps with SaaS application monitoring. As organizations rely ever more heavily on web applications for critical business functions, SaaS application monitoring is quickly…

SaaS Application Security

Protect software more effectively with SaaS application security services. Application security tools delivered as Software-as-a-Service (SaaS application security) provide real advantages over on-…

SDLC Agile

Making your SDLC agile and secure While the agile software development lifecycle, or agile SDLC, can deliver applications with greater speed, balancing security with SDLC agile processes has…

Secure Applications

The challenges of building secure applications quickly. For development teams racing to meet build deadlines, the need to deliver applications on time often trumps the need to deliver secure…

Secure Compliance

Meeting requirements for secure compliance in software development. As governments enact more laws governing the security of information and punishing data breaches, organizations everywhere are…

Secure Development Lifecycle

The following is an extensive library of security solutions articles and guides that are meant to be helpful and informative resources on a range of security solutions topics, from web application…

Secure DevOps

Secure DevOps requires best-of-breed testing tools While DevOps is disrupting software development in powerful and productive ways, implementing DevOps testing and understanding how to secure DevOps…

Secure Software Development Lifecycle (SDLC)

The Importance of Secure Development Lifecycle With the vast amount of threats that constantly pressure companies and governments, it is important to ensure that the software applications these…

Security DevOps

Putting Security into DevOps The practice of DevOps is transforming the software development lifecycle (SDLC), bringing lessons learned from quality control in manufacturing to the design and…

Security Review Software

Security Review Software, Enterprise Software Security Review, Code Security Review What Is a Software Security Review? The goal of a software security review is to identify and understand the…

Security testing tools for mobile applications

Simplify security testing for mobile applications. When it comes to security testing for mobile applications, development teams have traditionally faced a tough dilemma. Traditional mobile app…

Security Vulnerability Assessment Software

Vulnerability Assessment Software and Service, Scan and Identify Vulnerabilities in Code Get a Superior Alternative to Security Vulnerability Assessment Tools and Software Vulnerability assessment…

Session management

The risk of broken session management. Broken authentication and session management is consistently one of the OWASP Top 10 Web Application Security Risks, and a vulnerability that developers must…

Software Code & Security Audit

Three Critical Kinds of Software Audit There are many ways to “audit” a software application. Indeed the most basic kinds of software audit examine how the software is functionally configured,…

Software Code Security & Secure Code Analysis

Software Code Security Protects the Enterprise The enterprise today is under attack from criminal hackers and other malicious threats. As the enterprise network has become more secure, attackers have…

Software Development Lifecycle (SDLC)

What is a Software Development Lifecycle? SDLC Defined: SDLC stands for software development lifecycle. A software development lifecycle is essentially a series of steps, or phases, that provide a…

Software Security Testing

Software Security Testing Provides Critical Protection The Importance of Software Security Assessments Software security testing offers the promise of improved IT risk management for the enterprise.…

Software Security Testing Tools

What is Security Testing? A code security test analyzes how code is written and how it interacts with other objects in an environment to identify weaknesses or flaws that would allow an attacker to…

Software Testing

Protect applications with integrated software testing solutions Software testing to find flaws and vulnerabilities in code is a critical part of the software development lifecycle (SDLC) – especially…

Software Testing Methodologies and Techniques

There are a variety of different software testing methodologies development organizations use. The software testing technique an organization uses and the software testing lifecycle it follows are…

Software Testing Process

As the enterprise network has become more secure, attackers have turned their attention to the application layer, which, according to Gartner, now contains 90 percent of all vulnerabilities. To…

Software Testing Tools

Why Use Software Testing Tools? Most companies today will experience some form of attack from criminal hackers and other malicious threats. As the enterprise network has become more secure, attackers…

Source Code Analysis

Superior source code analysis offers greater security As the enterprise today is under constant threat from malicious attacks, source code analysis has become a top priority. By reviewing internally…

Source Code Analyzer

Source Code Security Analyzer Tool The enterprise today is under constant attack from criminal hackers and other malicious threats. As the enterprise network has become more secure, attackers have…

Spoofing Attack: IP, DNS & ARP

What Is a Spoofing Attack? A spoofing attack is when a malicious party impersonates another device or user on a network in order to launch attacks against network hosts, steal data, spread malware or…

Spyware

What Is Spyware? Although it sounds like something James Bond would employ, spyware is all too real. Spyware is any software that installs itself on your computer and starts covertly monitoring your…

SQL cheat sheet

Get the latest on SQL injection with an SQL cheat sheet. SQL injection, also known as SQL insertion, is a dangerous vulnerability that is highly prevalent in enterprise web applications. While SQL…

SQL Injection Attacks & How To Prevent Them

The danger of SQL attacks. SQL attacks are among the most common threats to application security today. It takes relatively little skill to mount an SQL injection in .NET, Java or PHP, and the…

SQL Injection in Java

Combating SQL injection in Java applications. SQL injection in Java web applications continues to be a significant threat to enterprise security. The reason: a Java SQL injection is remarkably easy…

SQL injection scanner

Protect your applications with an SQL injection scanner. SQL injection continues to be a significant threat to application security, but the right SQL injection scanner can protect your software from…

SQL Injection: Vulnerabilities & How To Prevent SQL Injection Attacks

What is SQL Injection? How will SQL Injection impact my business? How do I prevent SQL Injection? What is SQL Injection? SQL injection (SQLi) is an application security weakness that allows attackers…
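Added worked example for the SQL injection entries above (the CWE 89 entries, the .NET, Java and PHP SQL injection entries and this one). It is not code from the knowledge base; it uses an in-memory SQLite table with constructed rows, and stores plaintext passwords only because the demo is about how the statement is built, not about credential storage. The string-built query lets a quote and a comment marker rewrite the WHERE clause; with placeholders the same input is just a value that matches nothing.

```python
import sqlite3


def make_demo_db() -> sqlite3.Connection:
    """Constructed in-memory user table for the demo."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "correct horse"), ("bob", "hunter2")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """CWE 89: the statement is a string built from untrusted input."""
    sql = f"SELECT id FROM users WHERE username = '{username}' AND password = '{password}'"
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Placeholders: the driver passes the values separately, so they are data, never SQL."""
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_demo_db()
    # "alice' --" closes the string and comments out the password check.
    for user, pw in (("alice", "correct horse"), ("alice' --", "wrong"), ("nobody", "' OR '1'='1")):
        print(f"{user!r:14} {pw!r:14} vulnerable={login_vulnerable(db, user, pw)} "
              f"parameterized={login_parameterized(db, user, pw)}")
```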

Static Analysis: Static Analysis Tools and Platforms

Veracode Is a Static Analysis Platform What Is Static Analysis? Static security analysis is one of the many code review tools that can be implemented without actually executing, or running, the…

Static Code Analysis

What is Static Code Analysis? Static code analysis, also commonly called "white-box" testing, is one of Veracode's code review tools that looks at applications in a non-runtime environment. This…

The dangers of open source risk

As the use of open source code in development projects continues to grow exponentially, software development teams must take great pains to address open source risk. Open source libraries can deliver…

Third-Party Risk Assessment

How to make third-party risk assessment easier. When it comes to purchasing software, third-party risk assessment is more difficult today than ever. Applications – and web applications especially –…

Unit Testing

The challenge of unit testing Unit testing is a software testing method that has been gaining in use and popularity in recent years. By testing small individual units of source code as applications…

Vendor Application Security Testing

VAST reduces the risk associated with third-party software — so you can innovate with more speed and confidence than ever. With VAST, we manage the entire third-party program for you as a cloud-based…

Vulnerability Assessment and Penetration Testing

What Is Vulnerability Assessment and Penetration Testing? Vulnerability Assessment and Penetration Testing (VAPT) are two types of vulnerability testing. The tests have different strengths and are…

Vulnerability Management

What Is Vulnerability Management? Vulnerability management can be defined as “the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities." [1] Organizations use…

Vulnerability Scanner Tools

Vulnerability Scanning Enhances Enterprise Security Enterprise applications are under attack from a variety of threats. To protect the security of the enterprise, companies must be sure that their…

Web App Penetration Testing

Achieve compliance with manual web app penetration testing. Web app penetration testing is a key security requirement for a variety of regulatory frameworks, from PCI DSS and GLBA to HIPAA and FISMA…

Web Application

What is a Web App? Simply put, a web application is any application that is accessed via a web browser. The browser is the client that runs the web application and allows the user to enter…

Web Application Audit

Make a web application audit part of your SDLC. For app developers, a web application audit is the best way to ensure your app is secure before you release it and to prevent hacks, damage to…

Web Application Development: Secure Coding

The challenge of secure web application development Secure web application development is acknowledged as a critical priority for every enterprise producing software. Yet fewer than 10% of security…

Web Application Monitoring

Improve security with web application monitoring Web application monitoring solutions are quickly becoming an essential part of application security. Your organization increasingly relies on web and…

Web Application Penetration Testing

Find more flaws with manual web application penetration testing. When searching for vulnerabilities in websites and web apps, manual web application penetration testing is essential. Automated…

Web application scanner

Protecting software with a web application scanner. A web application scanner is a critical part of enterprise application security. Web applications are one of the most vulnerable aspects of…

Web Application Scanning

Address vulnerabilities with web application scanning As organizations rely more heavily on digital marketing and online communication, web application scanning can help IT teams to monitor the web…

Web Application Security Standards

Protecting software with web application security standards As web applications are now the #1 target in confirmed security breaches, development teams must adhere to web application security…

Web Application Security Testing

Protect your enterprise with web application security testing Web application security testing is critical to protecting both your apps and your organization. Your web applications are likely to…

Web Application Testing

Securing your organization with web application testing Web application testing is a critical tool in the defense against security threats to your software applications. Web applications are…

Web pen testing

Web pen testing: a critical component of application security. Web penetration testing, or web pen testing, is an important part of ensuring that applications are free of vulnerabilities that could…

What Is a Buffer Overflow? Learn About Buffer Overrun Vulnerabilities, Exploits & Attacks

A buffer overflow, or buffer overrun, is a common software coding mistake in which a program writes more data into a fixed-size buffer than it can hold; an attacker could exploit it to corrupt adjacent memory and gain control of the process or access to your system. To effectively mitigate buffer overflow vulnerabilities, it is…
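The mistake described above, shown as an added example rather than code from the original page: an unbounded `strcpy` into a 16-byte stack buffer beside a bounded copy that rejects input that does not fit. The buffer size, function names and the constructed 31-character input are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define NAME_LEN 16   /* assumed buffer size for the example */

/* Vulnerable: strcpy copies until it finds the NUL terminator and never
 * looks at the size of dst, so any name of NAME_LEN bytes or more writes
 * past the end of buf. That is undefined behaviour; on the stack it
 * clobbers whatever sits after the buffer (saved registers, the return
 * address), which is what an attacker aims for. */
void greet_vulnerable(const char *name)
{
    char buf[NAME_LEN];
    strcpy(buf, name);          /* no bounds check */
    printf("Hello, %s\n", buf);
}

/* Hardened copy: refuses a source that would not fit together with its
 * NUL terminator and never writes beyond dst_len bytes.
 * Returns 0 on success, -1 if the input would overflow dst. */
int copy_bounded(char *dst, size_t dst_len, const char *src)
{
    size_t n = strlen(src);
    if (dst_len == 0)
        return -1;
    if (n >= dst_len)           /* n + 1 bytes needed, including the NUL */
        return -1;
    memcpy(dst, src, n + 1);    /* copies the terminator too */
    return 0;
}

/* Same feature as greet_vulnerable, built on the bounded copy.
 * Returns 0 when the name was printed, -1 when it was rejected. */
int greet_safe(const char *name)
{
    char buf[NAME_LEN];
    if (copy_bounded(buf, sizeof buf, name) != 0) {
        fputs("name too long, rejected\n", stderr);
        return -1;
    }
    printf("Hello, %s\n", buf);
    return 0;
}

int main(void)
{
    /* Constructed input: 31 'A's. greet_vulnerable(long_name) would
     * overrun buf, so it is deliberately not called; greet_safe rejects it. */
    const char *long_name = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    greet_safe("Alice");
    return greet_safe(long_name) == -1 ? 0 : 1;
}
```

The fix is not the library call by itself but the explicit length check before the write: `copy_bounded` treats an input of exactly `NAME_LEN` bytes as too long because the terminator needs a byte of its own, which is the off-by-one that `strncpy`-style replacements often get wrong.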

What is a worm

Along with “computer virus,” the term “computer worm” has become a highly familiar phrase thanks to the rapid rise and media coverage of cyber threats in recent years. But what is a worm and what…

What is an integrated development environment

What is an integrated development environment? In software development, an integrated development environment (IDE) is a central technology used by developers to write code. But what is an integrated…

What Is an Integrated Development Environment (IDE)?

An integrated development environment (IDE) is an application that facilitates application development. IDEs are designed to encompass all programming tasks in one application. Therefore, IDEs offer…

What is IAST? Interactive Application Security Testing

IAST (interactive application security testing) analyzes code for security vulnerabilities while the app is run by an automated test, human tester, or any activity “interacting” with the application…

What is SQL Injection

What is SQL injection? With SQL injection attacks on the rise, many who aren’t experts on cybercrime are often hard-pressed to answer questions like “What is SQL injection and how do I prevent it?”…

What is Systems Development Life Cycle

What is the system development life cycle? The term “system development life cycle,” or SDLC, is tossed around frequently when talking about the software development process, but many people have only a…

What is Third-Party Software Security

Third-party software, also known as supply chain, vendor-supplied or outsourced software, is any program or application that is not written exclusively by employees belonging to the company for which that…

Wireless Sniffer: Tools, Software to Detect Packet or Network Sniffers

What is a Wireless Sniffer? A wireless sniffer is a type of packet analyzer. A packet analyzer (also known as a packet sniffer) is a piece of software or hardware designed to intercept data as it is…