Businesses often perceive vulnerability scanning as an alternative to penetration testing. This perception is wrong. An organization conscious of cybersecurity must include both these activities in their business processes and make sure that they work in unison. Missing out on one of them greatly decreases…
What is DevSecOps and how should it work?
DevSecOps stands for development, security, and operations. Similar to DevOps or SecOps, it is a concept that joins two previously separate roles into a unified environment. DevSecOps teams are responsible for providing conditions for continuous secure software development. Being a newer concept than DevOps, DevSecOps…
Four ways to combat the cybersecurity skills gap
The lack of cybersecurity talent is nothing new. It’s a problem that all businesses have been facing for several years and it’s getting worse. There have been many proposals on how to narrow the gap, but so far all efforts have been futile. Let’s have…
Four ways AppSec analytics help your DevSecOps pros work smarter, not harder
What’s in a number? For DevSecOps professionals, the answer is “a lot.” Analytics in application security (AppSec) hold immense power, helping teams decide where to focus their priorities and pick up on patterns that uncover knowledge gaps. Reporting with clear analytics helps set standards for…
How to build a cyber incident response plan
No matter how well you manage your security posture, there is always a chance that you will become a victim of a cyber attack. That is why every organization, no matter the size, should be prepared to react to a cyber incident. The key element…
Where cybersecurity frameworks meet web security
A cybersecurity framework is a set of guidelines for business environments to manage security effectively. Cybersecurity frameworks are adaptive and usually cover multiple aspects of cybersecurity programs, including security controls, appropriate safeguards and mitigation, appropriate activities, risk management programs, protective technology, continuous monitoring, as well…
DevSecOps: How to get there from DevOps
DevSecOps is a practice that merges the work done by development (Dev), security (Sec), and IT operations teams (Ops) to deliver the most efficient and effective software development practices. But why is it still so rare? Let us take a look at the difficulties of…
Invicti’s Spring 2022 AppSec Indicator highlights unrelenting direct-impact flaws
The spring 2022 edition of the Invicti AppSec Indicator has arrived hot off the presses, and it underscores some alarming trends for severe web vulnerabilities. The data shows that direct-impact flaws are still showing up in customer scan results at alarming rates. Worse still, these…
Critical alert – Spring4Shell RCE (CVE-2022-22965 in Spring)
On March 31, 2022, a serious zero-day vulnerability was discovered in the Spring framework core, which is an open-source framework for building enterprise Java applications. The vulnerability, dubbed Spring4Shell (similar to Log4Shell) or Springshell, was identified as CVE-2022-22965 (at the time of writing, not yet…