How to find the perfect security partner for your company

An external security partner provides a valuable service: security testing, paired with objective advice on how to keep your applications secure. They often make the difference between protecting your data…

Security gives your company a competitive advantage

In rowing, when your team is in sync, the boat is flying on the top of the water, and you’re winning — it’s pretty magical. But sometimes, you “catch a…

3 major flaws of the black-box approach to security testing

Imagine a castle with a king who wants to know if he could be assassinated. He orders a loyal noble to send some knights to try to break into the…

Can bug bounty programs replace dedicated security testing?

A “bug bounty program” might sound like something out of the Wild West, but it’s actually an emerging way for companies to incentivize security researchers to find flaws in their…

The 7 steps of ethical hacking

To beat hackers at their own game, you need to think like them. They’re going to probe your software systems to find security vulnerabilities; you need to do this too. …

What is penetration testing, anyway?

Infosec Institute – If you have a software system that protects valuable data or other assets, you probably want to have it tested for security vulnerabilities. That…

Learn how to do application security right in your organization

The number of web applications continues to grow every year, and they remain a primary area of focus for cybercriminals and other malicious actors. Web apps are — by far…

Is your company testing security often enough?

A crucial component of securing a software system is having independent security experts test it for security flaws. But how often should you have this done? Short answer: frequently. Probably…

Why your company should prioritize security vulnerabilities by severity

Imagine that your application has two security flaws: one partially exposes non-identifying user information, while the other substantially exposes login credentials of your entire user base, including admin credentials. Of…

There’s no such thing as “done” with application security

If you’re like most companies in the software business, you’re relentlessly developing new features, streamlining workflows and improving the user experience. But every single change to your platform also changes…