Tag: OWASP
Update to Open Source ZAP Tool Improves DAST Performance
An update to the OWASP Zed Attack Proxy (ZAP) open source dynamic application security testing (DAST) tool made available today improves performance by employing a multi-threaded passive scanner engine. Version 2.12.0 of ...
CREST Defines Quality Verification Standard for AppSec Testing
At the Black Hat USA 2022 conference, CREST today shared a quality assurance verification standard to improve application security testing. The standard is based on the open source framework defined by the ...
The Everything-As-Code Revolution and the OWASP Top 10
After years of stagnation, the Open Web Application Security Project (OWASP) Top 10 list finally saw some shakeup. Most notably, insecure design debuted on the list as the number four security risk ...
What the New OWASP Top 10 Changes Mean to Devs
Pankaj Gupta | | application security, AppSEcurity, devops, log4j, OWASP, security, ShiftLeft, SSRF, WAFThe open web application security project (OWASP) recently updated its top 10 list of the most critical security risks to web applications after four years. It represents the most radical shake-up since ...
What Is OWASP?
With cybersecurity attacks rising, it is important for you to enforce secure software best practices, like OWASP and the OWASP Top 10. OWASP helps you to safeguard your code against software security ...
DevSecOps Implementation: Dynamic Scans
Don Macvittie | | application vulnerabilities, devops implementation, devsecops, Dynamic Application Security Testing, OWASPThis is the third installment in this series on DevSecOps. Read the first installment, on static analysis, here and the second installment, on source composition analysis, here. One weakness of static analysis ...
DevSecOps Implementation: Source Composition Analysis
Don Macvittie | | application vulnerabilities, NVD, open source licensing, open source vulnerabilities, OWASP, Source Code AnalysisThis is the second installment in this series on DevSecOps. Read the first installment, on Static Analysis, here. One of the better additions to security in recent years is source composition analysis ...
Breaking Down the OWASP API Security Top 10, Part 2
Erez Yalon | | API, API security, database management systems, injection vulnerability, OWASP, personal identifiable information, SQL injectionDue to the widespread usage of APIs, and the fact that attackers realize APIs are a new attack frontier, the OWASP API Security Top 10 Project was launched. From the beginning, the ...
Best of 2019: Breaking Down the OWASP API Security Top 10, Part 1
As we close out 2019, we at DevOps.com wanted to highlight the five most popular articles of the year. Following is the fifth in our weeklong series of the Best of 2019 ...
DevOps and Security: Be Ready to Shield Your Application
Debarghya Pandit | | application security, CI/CD pipelines, devops tools, devsecops, Jenkins, OWASP, software securityAll of us have heard of continuous improvement/continuous delivery (CI/CD). There are many benefits to implementing CI/CD, as it helps seamless integration from end to end for development and deployment processes. CI/CD ...
Protego Spearheads Launch of the OWASP Official Serverless Top 10 Project
Report to Educate Application Security Practitioners on Serverless Application Risks and Mitigation Techniques  Baltimore, Maryland - The Open Web Application Security Project (OWASP) released today the official OWASP Serverless Top 10 project initiated ...
