In web application security, a false positive is when a security scanner indicates that your website has a vulnerability, but in reality, there is nothing there to fix. Security professionals chase endlessly, looking for non-existent cyberattacks which can be leading cause of burnout among security professionals.

more →

In the complex and dynamic world of application security, best practices are your best friends. This post shows how you can build an effective AppSec program based on tried and tested workflows and tools for vulnerability testing and remediation.

AppSec that makes a lasting impact is one you have to stick to, fine-tune, and hold yourself accountable for.

more →

The energy sector is no stranger to cyber attacks. Industry leaders need to build resilience into their organisations to maintain operability.

more →

Let’s examine what distinguishes SASE from SSE, and why both concepts are so fundamental to building cloud-centric security and networking architectures of the future.

more →

Organizational attack surfaces are expanding, giving attackers bigger targets to hit. It’s a sneaky battle and one that organizations have to fight. By understanding the attack surface, expanding your intelligence capabilities, and getting to know the enemy, you’ll be prepared for the fight ahead.

more →

While the COVID-19 pandemic has disrupted business models around the world, the adoption of modern application and cloud technologies continues to grow.

Here we are sharing a blog from our partners Sumo Logic. Their Continuous Intelligence Report provides an inside look into the state of the modern application technology stack, including changing trends in cloud and application adoption and usage by customers, and the impact of COVID-19 as an accelerant for digital transformation efforts.

more →

 

Risk of 3rd party applications has always been a concern for security teams. The SolarWinds breach is an example of a 3rd party application inserting a vulnerability into an otherwise secure infrastructure. While the SolarWinds breach occurred in an on-premise environment, 3rd party apps can also create vulnerabilities in SaaS environments.

more →

Frankly, it’s a tough time to be in cybersecurity. Perhaps the toughest ever. There have been over a dozen zero-days in the past three months alone, with countless organizations across the world affected.

We’re barely four months removed from SolarWinds—a watershed attack some thought would set the standard for the impact a vulnerability could have—and already dealing with a new attack that dwarfs it in scale.

more →