Firewall penetration testing explained

Firewalls form the first line of defense in your organization’s IT infrastructure. As a result, the attackers are most likely to scan and exploit existing vulnerabilities. A firewall can be either software or hardware. It continuously inspects your organization’s incoming and outgoing traffic. Generally, firewalls have predetermined rules and policies to either grant or deny … Continued

Agile security testing for applications – the way forward?

Businesses are increasingly moving towards adopting DevOps in their development process so that the time-to-time (TTM) is reduced. With the second decade of this millennium coming to an end, the development lifecycle for any software development project cannot be static stages with teams working in their silos with minimum communication with each other.   While at the same … Continued

Types of Application Security Testing

As we are getting more reliant on various applications to make our life easier or make business processes efficient, the threats have certainly increased to the extent that not considering security during the development of an application may cause irreparable damages. To minimize the chances of an application from being attacked as well as subsequent damages – reputational as well as financial, … Continued

The dilemma of choosing a web application security scanner: DAST, SAST, IAST, RASP, and what not.

When an application is being developed, one of the most difficult questions to be answered is how it should be tested. Instead of going for endless discussions, the decision-makers should start with answering whether they want to automate vulnerability scanning for their application. Automation saves a great deal of time and money, while at the same time, the internal … Continued

DAST v. SAST: Which one is better?

Earlier, security and privacy concerns were often used to be after-development activities, or they were ignored altogether. The ever-evolving threat landscape has definitely changed this position taken by the organizations and now, they are indeed concerned about the security issues associated with their application or software being developed. Or in other words, organizations are now … Continued

How to use NodeJsScan for SAST – Step-by-step Guide

NodeJsScan is a static code scanner that is used to find security flaws specifically in Node.js applications. In this post, we will look at how you can use NodeJsScan for SAST.   Configuration & Usage  Install Postgres and configure SQLALCHEMY_DATABASE_URI in core/setting.py  Download the NodeJsScan package from the GitHub repository https://github.com/ajinabraham/NodeJsScan.  Figure 1 Cloning the repository Navigate to the NodeJsScan directory and install all … Continued

How to Use CodeWarrior for SAST – Step-by-step Guide

CodeWarrior is a SAST tool supporting multiple languages such as C, C#, PHP, Java, Ruby, ASP, and JavaScript for a variety of security vulnerabilities. This tool is available for Linux OX, BSD, and MacOS systems. You do not need to install it on a machine, simply compiling it using “make” is sufficient to run this tool after the downloading … Continued

Top 3 Open Source Tools for SAST

In today’s world of software development, the responsibilities of developers have significantly increased. So often, security measures get compromised due to relentless efforts put in to improve UI and UX. SAST is one of many such ways to ensure your application is secure.  What is Static Application Security Testing (SAST)?  Static Application Security Testing, or SAST, is a type of security testing which analyzes the source code … Continued