Category //

The AppSec How-To: JavaScript Security Implications

JavaScript controls our lives – we use it to zoom in and out on a map, automatically schedule doctor appointments and play games online. But have we ever properly considered the security state of the scripting language? Before dismissing JavaScript security

The Web AppSec How-To: The Defenders’ Toolbox

The modern organization has a wide range of security solutions to pick from for their specific development needs. But picking the right Application Security solution can become quite confusing and overwhelming for CISOs and AppSec experts. Implementing the wrong or unsuitable choice can

The AppSec How-To: Guide to Getting Your Developers to Beg for Security

Security is fascinating. It touches each and every one of us – whether we’re making an online credit card purchase, transferring funds or entrusting a service with our intimate emails. Security continues to intrigue with revelations of sophisticated attacks, sometimes analogizing

The 5 Key Benefits of Source Code Analysis

Static Code Analysis (SCA) is the technique of automatically analyzing the application’s source and binary code to find security vulnerabilities. Two categories exist in this realm: Byte/Binary Code Analysis (BCA) which analyzes the binary/ byte code that is created by the compiler. Source

The AppSec How-to: Achieving Security in DevOps

DevOps is good all around when done right – and security plays a big part in helping DevOps organizations thrive. How do you integrate security within a Continuous Deployment (CD) environment where every 5 minutes a feature, an enhancement, or a

The AppSec How-to: Visualizing and Effectively Remediating Your Vulnerabilities

The biggest challenge with Source Code Analysis (SCA) tools is how to effectively prioritize and fix the numerous findings. Developers are quickly overwhelmed while trying to analyze security reports containing results that are presented independently from one another. Take for example, WebGoat – OWASP’s

The AppSec How-to: 10 Steps to Secure Agile Development

In Agile’s fast-paced environment and frequent releases, security reviews and testing sound like an impediment to success. How can you keep up with Agile demands of continuous integration and continuous deployment without abandoning security best practices? Companies have found the following ten

The Security State of WordPress’ Top 50 Plugins

In June 2013, Checkmarx’s research labs ran multiple security scans against the source code of the most popular WordPress plugins. The result? More than 20% of the 50 most popular WordPress plugins are vulnerable to common Web attacks, such as

Decompilation Injection

This paper presents a novel way to protect .NET assemblies against reverse-engineering and decompilation by injecting them with commands that are activated only at the recompilation stage, the application retroactively detects the reverse-engineering process and acts upon it. This technique

ReDoS – Regular Expression Denial of Service

The regular expression denial of service (ReDoS) is a denial-of-service attack, that exploits the fact that most regular expression implementations may reach extreme situations that cause them to work very slowly (exponentially related to input size). An attacker can then

Skip to content