Application Security Tools

Post: “How is Your AppSec Program Doing Compared to Others?” Webinar

Organizations that build software and worry about security are continually asking, “How do we stack up to others?” Join John Dickson and Denim Group at 3 PM CDT on Thursday, August 21st for an executive briefing webinar on how to use OpenSAMM to benchmark your application security activities against others and how to identify gaps […]

Post: For Mobile Application Security, What Sort of Protection Do App Stores Provide?

iOS (iPhone/iPad): Non-jailbroken iOS devices can only install applications from the official Apple iTunes App Store. The App Store has an application approval process whose methods are not publicly disclosed, but that does not appear to do meaningful security checking of applications. Instead, applications are checked for the use of undocumented APIs or other violations. […]

Post: Why is Mobile Application Security Important?

As more organizations explore ways to push functionality to mobile devices, there is a desire to move an increasing amount of sensitive data onto the device. In addition, there is a push to have more sensitive calculations performed on devices. With the dramatic increase in the number of devices, their technical capabilities, and their use […]

Post: What is Code Signing?

Code signing is the process of attaching a digital signature to application binaries. Cryptographic functions are used to identify a specific application binary and associate that binary with a specific developer or organization. This allows other systems to understand several things about an application: The source of the application based on who signed the application […]

Post: Limitations of Automated Tools for Dynamic Web Application Security Scanning

They can only find technical flaws in applications, not logical flaws. Application security scanners identify only around 30% of the most serious flaws that exist in large-scale web software systems. They cannot find the more serious vulnerabilities that are potentially painful to mitigate, such as architectural or design flaws that were introduced before coding or […]

Post: Mobile Application Security Assessment By the Numbers – a Whole-Istic View

In addition to exposure from their web applications, organizations are realizing their expanding portfolio of mobile applications also provides an avenue of attack for malicious actors. The challenge is that mobile applications are often more complicated than their web-based counterparts – they have code that runs on untrusted user devices, code running on corporate web services, […]