In my last article, I described how many in the application security community have been obsessed with “shifting left”—that is, moving application security testing earlier in the software development ...
Risk rarely disappears; it migrates. Thus improvements in spam filters don’t reduce spam, but force it to move somewhere else–to images, or MP3s or PDF files. The same holds true for information ...
Eric Marchewitz is a field solution architect with a 23-year career in cybersecurity solutions, working for such companies as PGP Security, McAfee, Cisco and Check Point. He is a recovering CISSP and ...
Learn how protecting software reduces breaches, downtime, and data exposure. Includes common threats like injection, XSS, and weak access.
In an era where digital transformation accelerates at unprecedented rates, the security landscape presents endless opportunities and evolving threats. This frontier presents increasingly sophisticated ...
Application security often gets sacrificed for speed and to meet ever-tightening time-to-market windows for new apps needed to fuel new revenue growth. Increasing the urgency to get apps out early are ...
Protecting applications from potential cyber threats has become a critical security priority for businesses of all sizes. However, the approaches to securing applications can vary significantly ...
In my years managing security in complex environments, I've seen how threats and defenses evolve, but application security has proven a very tough nut to crack. What excites me today is the ...
Most breaches don’t outsmart your stack; they walk through a permissive load balancer you tuned for speed instead of trust. For a long time, I thought of the load balancer as a performance device. Its ...
Security professionals are alarmed by attacks that exploit third-party dependencies in the software supply chain, particularly when these applications utilize open-source code components. According to ...
SPI Dynamics – These days, the biggest threat to an organization’s network security comes from its public Web site and the Web-based applications found there. Unlike internal-only network services ...