Security-related vocabulary includes a lot of words with imprecise meanings. Two such terms that give me a headache when used in the web application security context are the verbs to secure and to protect. But this headache is nothing compared to the one I get…
What government agencies need to know about CISA’s new Binding Operational Directive
The Cybersecurity and Infrastructure Security Agency (CISA) is reinforcing the nation’s cybersecurity efforts by announcing a new Binding Operational Directive (BOD) related to common vulnerabilities and exposures. Also referred to as CVEs, these publicly disclosed flaws in software open doors that attackers are able to…
Make your users part of the web security solution
Around the world today, we’re seeing instances of people being either part of the solution or part of the problem. In the context of information security, it seems we mostly witness people being part of the problem. But there’s often little discussion about people being…
Webcast Recap: Unlocking your AppSec future
There’s a progress problem in application security (AppSec). According to Cloud Security Alliance, the number of global web apps doubled in the last five years from 863 million in 2015 to 1.9 billion in 2020. Yet at the same time, developers and security practitioners are…
What is continuous web application security?
The term continuous security in the context of web application security is best understood when paired with the well-known terms continuous integration and continuous deployment (CI/CD). Continuous security means that security is part of a continuous process – DevSecOps or, even better, SecDevOps. The confusion around…
FISMA Update: What’s changing and why it matters
In early October, the Homeland Security and Governmental Affairs Committee announced bipartisan legislation that’s set to make waves in federal civilian cybersecurity. This move to overhaul the Federal Information Security Management Act (FISMA) from 2014 is especially notable as the government became the most targeted…
Dev-Sec convergence: New research details progress and challenges on the road to secure innovation
Invicti Security’s Fall 2021 AppSec Indicator report reveals where organizations make security trade-offs in the push to innovate; explores the promise of automation and integration. Austin, TX, October 26, 2021 at 9am EDT – Nearly all organizations are increasing their investment in application security this…
New Industry Study: 70% Of Teams Skip Security Steps
Hot off the presses, the Fall 2021 Invicti AppSec Indicator is shedding light on the state of web application security (AppSec), including areas for improvement to speed up software innovation. The report, created in partnership with Wakefield Research, surveyed 600 individuals in security, development, and…
Deploying AcuSensor for PHP – AWS Elastic Beanstalk
AWS Elastic Beanstalk allows you to deploy a web application that can scale to match end-user demand. This simple example will demonstrate how you can deploy AcuSensor together with your web application into AWS Elastic Beanstalk. Step 1. Create your target in Acunetix. For this…