Application Security

Tips on keeping software secure.

The AWS Shared Responsibility Model: 3 Areas of Improvement to Make Today, Part 1

Editor’s Note: This post originally appeared on HackerOne’s blog. Migrating your digital assets to the cloud can seem overwhelming at times. But you’re not alone. AWS has done a good job of meeting you halfway to help with security. AWS calls it the Shared Responsibility Model. Both you and AWS are each responsible for the …

7 Common Security Pitfalls to Avoid When Migrating to the Cloud

Editor’s Note: This post originally appeared on HackerOne. So you want to move to the cloud. It’s okay. You’re not alone. 96 percent of decision makers in one survey have cloud initiatives underway. Enterprise IT teams will soon reach the tipping point, spending over 50 percent on cloud apps and services instead of on-premises deployments for the first …

How to Secure Your Feature-Flag-Based Application

Editor’s Note: This post originally appeared on Rollout.io. You can’t wait for next week. You’ve sold your management on the importance and usefulness of feature flags for your application. Your development team is ready to deliver its first experiments with feature flags and next week is when you’ll turn them on. Then you get a phone call. …

DevOps Security Means Moving Fast, Securely

Editor’s Note: This post originally appeared on Scalyr’s blog. Check them out if you need operational monitoring to help your DevOps go. In this world of lightning-fast development cycles, MVPs, and DevOps, it may intuitively feel like security gets left behind. You might be thinking, “Aren’t the security guys the ones who want to stop everything …

Security as Code: Why a Mental Shift is Necessary for Secure DevOps

Editor’s Note: This post originally appeared at Simple Programmer. They help make the complicated simple. Inertia is “the tendency to do nothing or remain unchanged.” It is a strong force in physics. It also often holds sway in the technology industry. By 1996, the first official definitions of Internet Protocol Version 6 (IPv6) were created. Over 20 …

5 Reasons You Need Application Security Champions

Have you ever felt that your developers and your application security team don’t see eye-to-eye? Do your developers hold feelings of dread at the mention of “the security guys”? This is a common problem with culture in the industry. There has long been a cultural divide between security and application teams. Developers want to deliver …

Your Security Perimeter is a Living Cell, Not a Castle Wall

Editor’s Note: This post was originally posted on Cobalt’s blog. Check out the original post here. Check out their site if you are interested in a new way to pen test your application. You’ve heard the analogy before. Your enterprise is a fortress. Protect it with towers. Build stone walls to protect your data. Build …

The Developer’s Guide to Cryptography: Hash Functions and HMACs

So far, we’ve discussed the basics of encryption and symmetric encryption algorithms. Encryption is used to protect the confidentiality of data. Let’s now take a small turn and look at protecting the integrity and authenticity of data. Encryption can protect data from being read while in transit. However, this does not prevent the data from …

The Developer’s Guide to Cryptography: Why ASP.NET Core 2 Gets It Right

Last time, we discussed what AES encryption looks like in Node.js. Now, to get a flavor of what other languages and frameworks do for AES encryption, we’ll take a look at ASP.NET Core 2. I am excited about what ASP.NET Core and .NET Core in general do for C# and other Microsoft technologies. ASP.NET Core …
