AppSec Blog

Developer Security Awareness: What Topics To Cover

In our last post (Is Security Your Top Priority), we discussed improving the security of our organizations with security awareness training for development teams. Now let's talk about the security training we should provide. What Topics To Cover All team members have different knowledge levels of the various threats facing our applications. Some have received … Continue reading Developer Security Awareness: What Topics To Cover


Developer Security Awareness: Is Security Your Top Priority?

In the last post (Developer Security Awareness: Why Do We Care?), we discussed what we should take away from publicized security events. Let's discuss why we are failing, and what we can do to make it better. Why are we failing? Software has become a requirement across all industries in today's world. Every market is … Continue reading Developer Security Awareness: Is Security Your Top Priority?


Developer Security Awareness: Why Do We Care?

Laying a foundation for developer security training is not an easy task. Those of us that have worked in the information security world long enough have seen the roadblocks: Development teams do not have enough time The project does not provide enough funding The organization does not have the expertise to create a training program … Continue reading Developer Security Awareness: Why Do We Care?


Demystifying Cross-Site Request Forgery

Continuously ranked in the OWASP Top Ten, a large majority of the development community still doesn't understand Cross-Site Request Forgery (CSRF). After years of penetration tests and code reviews, my experiences show that a high percentage of applications, especially new applications, do not have proper CSRF protections in place. This post provides a refresher on … Continue reading Demystifying Cross-Site Request Forgery


How to Prevent XSS Without Changing Code

To address security defects developers typically resort to fixing design flaws and security bugs directly in their code. Finding and fixing security defects can be a slow, painstaking, and expensive process. While development teams work to incorporate security into their development processes, issues like Cross-Site Scripting (XSS) continue to plague many commonly used applications. In … Continue reading How to Prevent XSS Without Changing Code