Category: Application

The Boat Is Always Taking on Water: Why Security Maintenance Never Ends

Web application security is like maintaining a boat. You inspect the hull, find a small crack, patch it, and continue sailing. A week after that, you find another crack. You patch that too. The week after that? Another crack. This continues indefinitely because boats are…

Why Web Application Security Is a Condition, Not a Destination

You can’t “fix” web application security and call it done. Security isn’t a project with a start and end date. It’s not something you achieve once and move on from, or a checkbox you mark complete. Web application vulnerabilities aren’t a problem you solve…

The Ultimate Guide to Web Application Security Testing

Web applications are at the core of digital business operations, making them a prime target for cybercriminals. A successful attack on a vulnerable web application can lead to data breaches, financial losses, reputational damage, and compliance violations. To safeguard against these risks, organizations must conduct…

Why Penetration Test Costs Might Go Up Each Year

As companies tackle the ever-evolving landscape of cybersecurity, they regularly budget for penetration tests to protect their digital assets. But many are left scratching their heads when they see the cost for these tests creeping up each year, even when it seems like the scope…

Scheduling Your Penetration Test

You’re ready to schedule your penetration test, but aren’t sure when that should be. Should it be at the beginning of the year or the end of the year? Are there industry standards that apply to scheduling your test? In this video, we take a…

Are developers slowing the progress of security?

Recently, we reviewed a report with a customer and received some interesting feedback regarding issues with mitigation. Some of the issues they were having trouble mitigating were related to supporting HTTP, and TLS versions below 1.3 instead of forcing HTTPS with TLS 1.3. Another…

What is Digest Authentication?

Digest authentication is one way of confirming the identity of a user before sending sensitive information. This is done by the web server when a user requests information in a web browser. It is considered one of the more secure methods for authentication but isn’t…

How Can I Tell a Real Pen Test from a Fake?

There are a lot of companies selling penetration tests (pen tests), but how do you know if what you are getting is a real pen test? When it’s something that’s less tangible than, say, getting an oil change, it can be hard to determine if…

What is the OWASP® Top 10

You may have seen the OWASP® Top 10 on our site or around the web and are wondering what it is. What is OWASP®? Let’s start with what OWASP® is. It stands for the Open Web Application Security Project®. They are a nonprofit organization whose…

What Are Rules of Engagement in Pen Testing?

If you think the Rules of Engagement sound like a war movie, you’re not alone. In the penetration testing world, it’s more about cyber warfare, indirectly. What is it? Proactive penetration testing can help combat would-be attackers by identifying vulnerabilities before they do. The Rules…