Tag: OWASP

Update to Open Source ZAP Tool Improves DAST Performance

Mike Vizard | November 1, 2022 | attack proxy, DAST, devsecops, OWASP, SAST, ZAP

An update to the OWASP Zed Attack Proxy (ZAP) open source dynamic application security testing (DAST) tool made available today improves performance by employing a multi-threaded passive scanner engine. Version 2.12.0 of ...

mobile app testing efficient CREST Android mobile app development

CREST Defines Quality Verification Standard for AppSec Testing

Mike Vizard | August 9, 2022 | Black Hat 2022, CREST, OWASP, Software Supply Chain

At the Black Hat USA 2022 conference, CREST today shared a quality assurance verification standard to improve application security testing. The standard is based on the open source framework defined by the ...

Quali SigStore OWASP DevSecOps vulnerabilities security Pulumi DevSecOps Analyzing Code for Security Vulnerabilities

The Everything-As-Code Revolution and the OWASP Top 10

Aakash Shah | August 4, 2022 | application development, as-code, devsecops, OWASP

After years of stagnation, the Open Web Application Security Project (OWASP) Top 10 list finally saw some shakeup. Most notably, insecure design debuted on the list as the number four security risk ...

What the New OWASP Top 10 Changes Mean to Devs

Pankaj Gupta | June 23, 2022 | application security, AppSEcurity, devops, log4j, OWASP, security, ShiftLeft, SSRF, WAF

The open web application security project (OWASP) recently updated its top 10 list of the most critical security risks to web applications after four years. It represents the most radical shake-up since ...

What Is OWASP?

Mitch Ashley | January 11, 2021 | OWASP, OWASP static code analysis, OWASP Top 10, perforce, what is OWASP

With cybersecurity attacks rising, it is important for you to enforce secure software best practices, like OWASP and the OWASP Top 10. OWASP helps you to safeguard your code against software security ...

Cycode CodeLogic scanning Contrast Security secrets scan dynamic

DevSecOps Implementation: Dynamic Scans

Don Macvittie | November 30, 2020 | application vulnerabilities, devops implementation, devsecops, Dynamic Application Security Testing, OWASP

This is the third installment in this series on DevSecOps. Read the first installment, on static analysis, here and the second installment, on source composition analysis, here. One weakness of static analysis ...

DevSecOps Implementation: Source Composition Analysis

Don Macvittie | November 16, 2020 | application vulnerabilities, NVD, open source licensing, open source vulnerabilities, OWASP, Source Code Analysis

This is the second installment in this series on DevSecOps. Read the first installment, on Static Analysis, here. One of the better additions to security in recent years is source composition analysis ...

Breaking Down the OWASP API Security Top 10, Part 2

Erez Yalon | January 3, 2020 | API, API security, database management systems, injection vulnerability, OWASP, personal identifiable information, SQL injection

Due to the widespread usage of APIs, and the fact that attackers realize APIs are a new attack frontier, the OWASP API Security Top 10 Project was launched. From the beginning, the ...

Best of 2019: Breaking Down the OWASP API Security Top 10, Part 1

Erez Yalon | January 1, 2020 | API, API security, authentication endpoints, OWASP, secure coding

As we close out 2019, we at DevOps.com wanted to highlight the five most popular articles of the year. Following is the fifth in our weeklong series of the Best of 2019 ...

DevOps and Security Shield Your Application

DevOps and Security: Be Ready to Shield Your Application

Debarghya Pandit | April 16, 2019 | application security, CI/CD pipelines, devops tools, devsecops, Jenkins, OWASP, software security

All of us have heard of continuous improvement/continuous delivery (CI/CD). There are many benefits to implementing CI/CD, as it helps seamless integration from end to end for development and deployment processes. CI/CD ...

Protego Spearheads Launch of the OWASP Official Serverless Top 10 Project

DevOps.com | November 19, 2018 | application attacks, OWASP, Protego Labs, serverless

Report to Educate Application Security Practitioners on Serverless Application Risks and Mitigation Techniques Baltimore, Maryland - The Open Web Application Security Project (OWASP) released today the official OWASP Serverless Top 10 project initiated ...

Tag: OWASP

Update to Open Source ZAP Tool Improves DAST Performance

CREST Defines Quality Verification Standard for AppSec Testing

The Everything-As-Code Revolution and the OWASP Top 10

What the New OWASP Top 10 Changes Mean to Devs

What Is OWASP?

DevSecOps Implementation: Dynamic Scans

DevSecOps Implementation: Source Composition Analysis

Breaking Down the OWASP API Security Top 10, Part 2

Best of 2019: Breaking Down the OWASP API Security Top 10, Part 1

DevOps and Security: Be Ready to Shield Your Application

Protego Spearheads Launch of the OWASP Official Serverless Top 10 Project

npm is Scam-Spam Cesspool ¦ Google in Microsoft Antitrust Thrust

5 Key Performance Metrics to Track in 2023

Debunking Myths About Reliability

New Relic Bets on AI to Advance Observability

Vega Cloud Commits to Reducing Cloud Costs

Don’t Make Big Tech’s Mistakes: Build Leaner IT Teams Instead

How to Supercharge Your Engineering Teams

Five Great DevOps Job Opportunities

The Power of Observability: Performance and Reliability

Cloud Management Issues Are Coming to a Head