7 principles of secure design in software development security

Tue, 04 Feb 2025

You’ve probably seen the words “secure design” thrown around in cybersecurity, but what does that really mean, and how do you put it into practice in development?

What Changed and What you need to know about PCI DSS 3.0

Mon, 22 May 2017

The new PCI DSS version 3.0 guidelines will take effect on the 1st of January 2014 but will only be forced in 2015. Still, 1 year passes by so quickly so read this document to see what changed and what is new in the new PCI DSS 3.0 guidelines and check how it might impact your business and the security of your websites and web applications.

Why You Should Run Authenticated Web Security Scans

Mon, 22 May 2017

Do you scan all sections of your web applications, including the authenticated sections? In this blog post you will find a number of reasons why you and every other web security expert and penetration testers should run authenticated web application security scans.

PCI Compliance – The Good, The Bad, and The Insecure – Part 2

Mon, 22 May 2017

In this second part of the compliance article, the author explains in detail how each and every category in the PCI DSS requirements should be dealt with to ensure that your websites, web applications and also business are operating securely. This is the definitive guide to PCI DSS compliance every business and organization should read.

PCI Compliance – The Good, The Bad, and The Insecure

Mon, 22 May 2017

In this first part of a two part article about PCI compliance and web application security, the author looks into the history of compliance, rules and regulations and explores the common shortcomings of such rules. The author also explains why there are such shortcomings and explains that by being compliant, does not necessarily mean having secure web applications.

How to evaluate web application security scanners

Fri, 09 Aug 2019

Top 10 Mistakes when Performing a Web Vulnerability Assessment

Mon, 22 May 2017

In Information Technology there are numerous mistakes, oversights, and blunders that are repeated consistently day after day. But given what there is to lose when it comes to web application security, why not learn from the mistakes of others so you don’t get burned? This blog post lists the top 10 mistakes typical web application security experts do and that you need to be aware of when seeking out the real business risks in your web vulnerability assessments:

14 years of SQL injection history and still the most dangerous vulnerability

Thu, 22 Aug 2013

Getting developers on board to transition from part of the problem to part of the process

Mon, 22 May 2017

Are your web application developers key players in the web application security equation? They are often the unsung heroes who help prevent many security problems from ever occurring, or closing down web vulnerabilities once identified. Yet in the real world they are often portrayed as a large part of the security problem. It doesn’t have to be that way.

Shared Hosting and Web Application Security – The Opposites

Mon, 22 May 2017

Shared hosting might be an affordable solution for many businesses and startups, but because of the way shared hosting works web application security is not in your control. Read about all the pitfalls of shared web hosting and what you should look for when choosing a hosting provider for your web applications.

Should you pay for a Web Application Security Scanner?

Wed, 13 Sep 2017

If you ask 10 web security specialists which is their favorite web vulnerability scanner, most probably you will get 30 different answers. Digging deeper you will also find that while some prefer to use free tools, several others prefer to rely on a commercial web vulnerability scanning solution. This web security blog post highlights the differences between free web security tools and commercial web application security scanners.

Web Application Security Testing should be part of QA Testing

Mon, 22 May 2017

Web vulnerability scanning should form part of the normal QA process when developing web applications to ensure that a business develops and releases secure web applications. Unless project managers start classifying security vulnerabilities and other web application security issues as normal functionality bugs, web developers will keep on developing vulnerable web applications.

Why Web Vulnerability Testing Needs to be Automated

Mon, 22 May 2017

There are several pitfalls in web application security and one of them is sticking to manual audits only. This blog posts highlights the benefits of automating the process of finding vulnerabilities and other security issues in modern web applications. It also looks into the common pitfalls encountered by web security specialists when trying to identify all web application vulnerabilities manually.