AppSec Blog

Dev-Sec.io Automated Hardening Framework

Editors Note: Today's post is from Jim Bird. Jim is the co-founder and CTO of a major U.S.-based institutional trading service, where he is responsible for managing the company's technology organization and information security program. Automated configuration management tools like Ansible, Chef and Puppet are changing the way that organizations provision and manage their … Continue reading Dev-Sec.io Automated Hardening Framework


2016 State of Application Security: Skills, Configurations, and Components

The 2016 SANS State of Application Security Survey analyst paper and webcast are complete. This year, Johannes Ullrich, dean of research at the SANS Technology Institute and instructor for DEV522: Defending Web Applications Security Essentials, led the project by analyzing the survey results, writing the whitepaper, and delivering the webcast. We had 475 respondents … Continue reading 2016 State of Application Security: Skills, Configurations, and Components


Securing the SDLC: Dynamic Testing Java Web Apps

Editors Note: Today's post is from Gregory Leonard. Gregory is an application security consultant at Optiv Security, Inc and a SANS instructor for DEV541 Secure Coding in Java/JEE. Introduction The creation and integration of a secure development lifecycle (SDLC) can be an intimidating, even overwhelming, task. There are so many aspects that need to … Continue reading Securing the SDLC: Dynamic Testing Java Web Apps


Static Analysis and Code Reviews in Agile and DevOps

Editors Note: Today's post is from Jim Bird. Jim is the co-founder and CTO of a major U.S.-based institutional trading service, where he is responsible for managing the company's technology organization and information security program. In this post, Jim covers how to perform secure code analysis in an Agile development lifecycle. More and more … Continue reading Static Analysis and Code Reviews in Agile and DevOps


Breaking CSRF: ASP.NET MVC

Guest Editor: Today's post is from Taras Kholopkin. Taras is a Solutions Architect at SoftServe. In this post, Taras will discuss using anti-forgery tokens in the ASP.NET MVC framework. CSRF (Cross-Site Request Forgery) has been #8 in the OWASP Top 10 for many years. For a little background, CSRF is comprehensively explained in this article … Continue reading Breaking CSRF: ASP.NET MVC