It is Time to Reclaim Control (and Responsibility) Over Your Application Security

In recent years, the cybersecurity industry has embraced a “shift left” approach, advocating for security considerations to be integrated earlier in the software development lifecycle. This strategy, born from a desire to ...

Navigating SAP Security Notes: July 2024 Patch Tuesday

SAP published 16 new and two updated Security Notes for July 2024 Patch Tuesday. Compared to June’s SAP Security Patch Day release, this month’s release contains more patches overall but with similarly ...

Limitations of current automatic specification generation tools

Explore the limitations of current automated specification generation tools and how Escape's static analysis techniques stand out ...

Context is king: what the next generation of AppSec tools is learning from SIEM

Success breeds…confusion? AppSec teams face an average of 118,000 vulnerability alerts across their software supply chain. If even 1% of those are being exploited in the wild, finding – and triaging ...

Database Penetration Testing: Secure Your Data

Today, organisations store a lot of sensitive data in their database systems. This could be customer info, financial records, intellectual property, etc. Protecting this from unauthorised access is key; database penetration testing ...

OWASP Penetration Testing: Methodology, Kit, Checklist (Downloadable)

Software security is key to the online world’s survival. Collaborative efforts of cybersecurity professionals and volunteers have come together to create the OWASP web security testing guide. Malicious actors constantly threaten web ...
How to Build Relationships With Developers?

Webinar recap: How to build relationships with developers?

Join our guest expert, Dustin Lehr, to learn how to earn developers' respect, introduce gamification, and get issues fixed in a security context ...

Understanding the Risks of Transitive Dependencies in Software Development

Transitive dependencies are one of the biggest headaches software developers must manage. Relationships between software components are complex (to say the least) and specifically for transitive dependencies — that is, indirect relationships ...

Imperva Client-Side Protection Mitigates the Polyfill Supply Chain Attack

The recent discovery of a website supply chain attack using the cdn.polyfill.io domain has left many websites vulnerable to malicious code injection. Once a trusted resource for adding JavaScript polyfills to websites, ...

DAST Vs. Penetration Testing: Comprehensive Guide to Application Security Testing

For two decades or so now, web applications have been the backbone of many businesses, making their security paramount. Dynamic Application Security Testing (DAST) and penetration testing are crucial for identifying and ...