by Mike Zusman | May 20, 2021 | Featured, News, Strategy, Techniques
There are many different types of security assessment methodologies identified by cute color associations. Here are simple descriptions of the most popular to help you choose which approach is right for you. Your opinion on these descriptions may differ from mine, and...
by Mike Zusman | May 13, 2020 | Cloud, Digital Transformation, Featured, News
Application Security, or AppSec, is a race between your business and bad actors. Whether you realize it or not, people and bots are constantly attacking and probing your Internet-facing and cloud hosted applications. In fact, it’s not uncommon to hear of...
by Mike Zusman | Apr 22, 2020 | Digital Transformation, Featured, News
As we discussed in our previous post: your best appsec engineer is already on your team, you just need to find them. In larger development organizations, however, this one person might not be enough to create the culture of security necessary for long term risk...
by Mike Zusman | Apr 21, 2020 | Featured, News, Techniques
A company asked us for help with a troubling issue: anonymous web site users would randomly become authenticated as other users in their financial services application. The client’s engineering team had no meaningful log data, and wasn’t able to reproduce the issue...
by Mike Zusman | Apr 13, 2020 | Digital Transformation, Featured, News
There are things you can do to improve application security even if you’re unable to recruit and retain an application security engineer. In a previous post, I highlighted some of the challenges associated with hiring appsec people. We see companies struggle to hire a...
