Creating a remediation plan can be tricky. In fact, customers often tell us that it???s much easier to create a plan to help developers scan applications quickly and easily than it is to establish remediation goals. But if vulnerabilities aren???t remediated right away, there???s a higher chance that they will never be remediated. Our recent… Continue reading Cracking the Code to a Successful Remediation Plan
Month: October 2020
Frequency, Speed, and Accuracy Are a Match Made in AppSec Heaven
???Make it work, make it right, make it fast.??? These words from renowned software engineer Kent Beck will always ring true for developers, especially with the pace of development picking up, not slowing down. A GitLab survey from last year showed nearly half (43 percent) of respondents deploy software on-demand or multiple times per day… Continue reading Frequency, Speed, and Accuracy Are a Match Made in AppSec Heaven
Cyberthreats During the Pandemic Are on the Rise
With the sudden shift to digital that many businesses are facing in response to the pandemic, preventing cyberattacks is more important than ever. According to the FBI, attacks related to COVID-19 have increased 400 percent in recent months. And with data from Gartner showing that 74 percent of companies expect to maintain some level of… Continue reading Cyberthreats During the Pandemic Are on the Rise
Verizon Data Breach Investigations Report Finds an Increase in Web Application Breaches
Verizon recently published its 2020 Data Breach Investigations Report (DBIR), which analyzed 32,002 security incidents in 16 different industries and four different world regions. Similar to last year???s findings, the majority of breaches ??? 86 percent ??? are financially motivated, and most ??? 70 percent ??? are caused by outsiders. Credential theft, social attacks (i.e.,… Continue reading Verizon Data Breach Investigations Report Finds an Increase in Web Application Breaches
Realigning Priorities and Building a Bridge Between Security and Development
It???s a common conundrum for application security (AppSec) teams??ヲhow can developers and security professionals work together to release software faster? It takes a working relationship, good communication, and the right tools, which most teams don???t have. Even more discouraging, stigmas follow both teams around the office; developers often worry that security is there to slow… Continue reading Realigning Priorities and Building a Bridge Between Security and Development
Announcing Our State of Software Security: Open Source Edition Report
Today, we published a special supplement to our annual State of Software Security report that focuses exclusively on the security posture of the open source libraries found in applications. Prominent in almost every application today, open source libraries allow developers to move faster by quickly adding basic functionality. In fact, it would be nearly impossible… Continue reading Announcing Our State of Software Security: Open Source Edition Report
Who is Tech Investor John Bernard?
John Bernard, the subject of a story here last week about a self-proclaimed millionaire investor who has bilked countless tech startups, appears to be a pseudonym for John Clifton Davies, a U.K. man who absconded from justice before being convicted on multiple counts of fraud in 2015. Prior to his conviction, Davies served 16 months… Continue reading Who is Tech Investor John Bernard?
Microsoft: Attackers Exploiting ‘ZeroLogon’ Windows Flaw
Microsoft warned on Wednesday that malicious hackers are exploiting a particularly dangerous flaw in Windows Server systems that could be used to give attackers the keys to the kingdom inside a vulnerable corporate network. Microsoft’s warning comes just days after the U.S. Department of Homeland Security issued an emergency directive instructing all federal agencies to… Continue reading Microsoft: Attackers Exploiting ‘ZeroLogon’ Windows Flaw
Govt. Services Firm Tyler Technologies Hit in Apparent Ransomware Attack
Tyler Technologies, a Texas-based company that bills itself as the largest provider of software and technology services to the United States public sector, is battling a network intrusion that has disrupted its operations. The company declined to discuss the exact cause of the disruption, but their response so far is straight out of the playbook… Continue reading Govt. Services Firm Tyler Technologies Hit in Apparent Ransomware Attack
Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack
The U.S. Justice Department this week indicted seven Chinese nationals for a decade-long hacking spree that targeted more than 100 high-tech and online gaming companies. The government alleges the men used malware-laced phishing emails and “supply chain” attacks to steal data from companies and their customers. One of the alleged hackers was first profiled here… Continue reading Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack