In a previous blog post, we talked about the cost of a “do nothing” AppSec plan. In that blog post, we pointed out that ignoring application security can be a costly move. Why? Because your chance of a breach is very high, and so is the cost incurred from most breaches. In addition, you could now…

What Is Manual Penetration Testing? Manual penetration testing (pen testing) is an application security method in which a human pen tester manually tries to hack into an application to find vulnerabilities. An important component of your overall application security program, this method can…

In a previous blog post, we explored how software is “eating the world,” and how applications have gone from a nice-to-have to a critical part of running a business. As enterprises are forced to develop and buy more and more software – and at a lightning pace in order to keep up with the…

Five years ago, Marc Andreessen famously stated that “software is eating the world,” and it has and is in ways that he probably couldn’t have imagined even five years ago. Applications are no longer a nice-to-have. They play a central role in how and why businesses operate, and companies are…

Those new to AppSec might wonder – how often do I have to test my apps for security? One school of thought is: do a one-time scan of all or most apps in production, fix the most egregious defects and either consider security testing “done” – or maybe schedule another scan in several months, even…

We live in a software-driven world – it’s how organizations in every industry interact with customers, prospects and partners. But information security has not kept pace with this shift, and traditional defenses are proving inadequate in this environment. As users and applications become the risk…