Checking for dependency vulnerabilities in freshly developed software is usually done near the end of the build process. Remediation at that point can be tricky. Now, JavaScript and TypeScript developers can check for vulnerabilities themselves as they – or their agents – write their source code, using an open source project called CVE Lite CLI. […]
Update to Open Source ZAP Tool Improves DAST Performance
An update to the OWASP Zed Attack Proxy (ZAP) open source dynamic application security testing (DAST) tool made available today improves performance by employing a multi-threaded passive scanner engine. Version 2.12.0 of ZAP also adds support for HTTP/2 and should make it simpler to update the vulnerability scanning tool by making the spider that discovers […]
CREST Defines Quality Verification Standard for AppSec Testing
At the Black Hat USA 2022 conference, CREST today shared a quality assurance verification standard to improve application security testing. The standard is based on the open source framework defined by the Open Web Application Security Project (OWASP). Tom Brennan, executive director for Americas at CREST, said the OWASP Verification Standard (OVS) measures an organization’s […]
The Everything-As-Code Revolution and the OWASP Top 10
After years of stagnation, the Open Web Application Security Project (OWASP) Top 10 list finally saw some shakeup. Most notably, insecure design debuted on the list as the number four security risk to web applications. “If we genuinely want to ‘move left’ as an industry, it calls for more use of threat modeling, secure design […]
What the New OWASP Top 10 Changes Mean to Devs
The Open Web Application Security Project (OWASP) recently updated its top 10 list of the most critical security risks to web applications after four years. It represents the most radical shake-up since the list was introduced in 2003. The changes will undoubtedly have a big impact on how businesses address application security going forward and […]
What Is OWASP?
With cybersecurity attacks rising, it is important for you to enforce secure software best practices, like OWASP and the OWASP Top 10. OWASP helps you to safeguard your code against software security vulnerabilities. Continue reading to learn why OWASP is important. What you need to know about OWASP: The Open Web Application Security Project (OWASP) […]
DevSecOps Implementation: Dynamic Scans
This is the third installment in this series on DevSecOps. Read the first installment, on static analysis, here and the second installment, on source composition analysis, here. One weakness of static analysis is its failure to account for environment and use. Running static analysis on a code base as the only check before production deployment […]
DevSecOps Implementation: Source Composition Analysis
This is the second installment in this series on DevSecOps. Read the first installment, on Static Analysis, here. One of the better additions to security in recent years is source composition analysis (SCA). The purpose of SCA is to sit in the gap between static analysis and dynamic analysis to help you find issues introduced […]
Breaking Down the OWASP API Security Top 10, Part 2
Due to the widespread usage of APIs, and the fact that attackers realize APIs are a new attack frontier, the OWASP API Security Top 10 Project was launched. From the beginning, the project was designed to help organizations, developers and application security teams become increasingly aware of the risks associated with APIs. This past September, […]
Best of 2019: Breaking Down the OWASP API Security Top 10, Part 1
As we close out 2019, we at staging-devopsy.kinsta.cloud wanted to highlight the five most popular articles of the year. Following is the fifth in our weeklong series of the Best of 2019. As a result of a broadening threat landscape and the ever-increasing usage of APIs, the OWASP API Security Top 10 Project was launched. […]