Applications are critical for doing business. They are also the weakest links in many an organization’s security chain. Many APIs continue to expose the personally identifiable information of customers, employees and contractors. As OWASP (Open Web Application Security Project) notes on its API Security Project homepage: “By nature, APIs expose application logic and sensitive data […]
Security starts before detection and response, but many organizations focus there first. Mature security teams understand the importance of identification and protection. Establishing good cyber hygiene and taking proactive measures to secure themselves against the ever-increasing threat landscape is a critical first step in a holistic security program. How should organizations build a holistic security […]
Although Linux still holds only a fraction of the market share of Microsoft Windows and Mac OS X, its growth continues to accelerate. Linux will continue to grow at a compound annual growth rate (CAGR) of 19.2% through 2027. Some of the primary factors for this growth include: cloud computing infrastructure, containerization of applications, and Microsoft’s support […]
There are a number of industry analyst reports on application security. Each analyst firm and report takes its own slice of the market to analyze and report on vendors within that market. For example, the Forrester Wave focuses on Static Application Security Testing, the Gartner Magic Quadrant focuses on Application Security Testing as a whole, […]
The news is flooded with updates regarding the COVID-19 vaccine. Cyberattacks are targeting the vaccine supply chain. Phishing attacks are exploiting sign-ups for the vaccine. There are even attacks to get access to vaccine data. Sounds a lot like our enterprises every day! We’re all learning about human immunology from the headlines, but what are […]
The growth of application development, DevOps, containers, and cloud has fueled the growth of application security tools. We now have static analysis, software composition analysis, interactive analysis, dynamic analysis, container scanning, infrastructure as code scanning, and a number of runtime application security products. That’s a lot of testing data, but how do we integrate it […]