Broken Access Controls
By: Veracode, Inc. View more from Veracode, Inc. >>
Download this next:
Mitigate these 3 risks to container & IaC security
By: Veracode
Type: eBook
Given the proliferation of sophisticated cyberthreats, securing your organization’s cloud-native applications is no simple task. But you can bolster your defenses by augmenting your container and IaC (infrastructure as code) security.
To help you do so, this e-book highlights 3 prevalent risks to container and IaC security, including misconfigurations in IaC files, and explains how to mitigate those risks with a holistic approach to security.
Continue on to unlock these insights.
These are also closely related to: "Broken Access Controls"
-
Developer’s guide to secure coding
By: Veracode
Type: eBook
Today’s cybercriminals have your applications and software in their crosshairs. As a result, delivering secure code has never been more important.
But what, exactly, are the common software vulnerabilities you need to know about? How do attackers exploit them? And what should you do to prevent a breach?
This 31-page eBook answers all these questions and more, providing a roadmap to secure coding in practice. Topics covered inside include:
- A brief history of hacking
- 4 key pillars of secure coding
- How to deliver safer code faster
- And more
-
6 key criteria for developer-first secrets scanning solutions
By: Palo Alto Networks
Type: White Paper
Hardcoding secrets enables developers to seamlessly access or authenticate the services needed to build and deploy applications. But those secrets, if not stored securely, present a huge risk.
This checklist presents 6 key criteria that you should use when evaluating a potential secrets-scanning solution, including:
- Scans both application code and infrastructure as code files
- Developer-Friendly Integrations
- A Multidimensional Approach to Secrets Scanning
- And 3 more
Download now to learn more.
Find more content like what you just read:
-
BadUSB 2.0: Exploring USB man-in-the-middle attacks
By: TechTarget ComputerWeekly.com
Type: Essential Guide
This article in our Royal Holloway Security Series explores the uses and capabilities of rogue USB hardware implants for use in cyber espionage activities.
-
The Strategic Imperative for Software Supply Chain Security
By: JFrog
Type: White Paper
Download the whitepaper to learn about:The importance of software supply chain security in the era of DevOps.The risks associated with third-party components and DevOps practices.6 key steps for securing the software supply chain.How to secure your software supply chain with JFrog.
-
Urban Myths About Secure Coding
By: Veracode, Inc.
Type: eBook
Urban myths, whether rooted in reality or fabricated entirely, have the power to change perception. Read this e-book which is designed to rectify these misconceptions by presenting six common urban myths about secure coding and giving practical guidance for how to overcome them.
-
How Do Vulnerabilities Get into Software?
By: Veracode, Inc.
Type: White Paper
Despite the best efforts of IT security teams, vulnerabilities in applications are bound to happen. In fact, research shows that 3 out of 4 apps produced by software vendors fail to meet security standards. Download this white paper to discover the 4 most common causes that lead to software vulnerabilities and ensure your readiness.
-
Toughening up web and mobile application security
By: TechTarget ComputerWeekly.com
Type: eGuide
In this e-guide, read more about the best practices for web application security, how to balance app innovation with app security, why API security needs to be part of your defence strategy, and what are the top tools to keep your applications safe, among other trends.
-
SAST vs. DAST: What Are the Differences and Why Are They Both Important?
By: Veracode, Inc.
Type: Resource
If you only use SAST, you miss out on detecting critical flaws from open source vulnerabilities and configuration errors. The more application security scan types you employ, the more flaws you uncover. This infographic dives deeper into the differences between SAST and DAST, and establishes the benefits of using both scan types in unison.
-
Application security: Understanding how software is protected
By: Veracode, Inc.
Type: Resource
According to a recent report, 76% of all software applications have some sort of a security flaw. Applications are often seen as products in and of themselves, but when they are given sensitive information, it is important that they also be secure. Access the full infosheet to learn more about the current state of application security.
-
Address vulnerabilities during app development
By: Veracode
Type: White Paper
While incorporating security into the development process makes sense in theory, the reality is that in the turmoil of development, security is often the first corner cut to save time. Veracode Fix emerges as a critical tool in the arsenal of application development teams and application security managers. Read on to learn more.
-
AI-based application testing: Simulate attacks at scale
By: Veracode
Type: White Paper
With advances in AI capabilities, hackers have leveraged the evolving technology in order to perform more sophisticated attacks at scale. If actual attacks are using AI, then simulated attack testing that is performed at scale using AI is as close of a simulation to the real thing as one could hope for. Read on to learn more.
-
What security pros need to know about software development today
By: Veracode, Inc.
Type: Resource
Download this resource to learn about how software development tools and processes changed recently, challenges developers run into while trying to balance these new tools and processes, and what security professionals can do to get developers fully on board with security.
-
Stop sacrificing innovation for security
By: Veracode
Type: eBook
Application security has evolved significantly over the past few years. Today, organizations are now running daily static scans, weekly dynamic scans, and at least weekly SCA scans. However, this is not just going through the motions. Having security at the front of mind allows teams to reduce risk and build resilience. Read on to learn more.
-
Navigating the GDPR
By: Veracode
Type: White Paper
Today’s businesses encounter not only rising cyberattacks but also regulations with stringent requirements. To help organizations navigate that challenging landscape, this white paper presents best practices for complying with the EU’s GDPR. Keep reading to unlock insights.
-
Sandnet++ – A framework for analysing and visualising network traffic from malware
By: TechTarget ComputerWeekly.com
Type: Essential Guide
This article in our Royal Holloway Security Series looks at Sandnet++, a framework for analysing and visualising network traffic from malware
-
Your path to a mature AppSec program
By: Veracode, Inc.
Type: eBook
Due to the sensitive data they contain, applications are often the target of cyberattacks – and unfortunately, application security approaches are rarely equipped to handle today’s threats. Read this e-book to learn how to modernize your application security approach.
-
How to choose the right AppSec vendor/offering
By: Veracode, Inc.
Type: Resource
The application security (AppSec) market is oversaturated with an abundance of options, which can make finding an AppSec vendor/offering best fit for your unique needs a difficult task. Read this infosheet for some expert guidance to help get you started on your AppSec journey.
-
Securing the entire software development pipeline with Veracode Static Analysis
By: Veracode
Type: White Paper
Developers need security testing solutions that can keep pace with rapid, agile development processes. Traditional AppSec solutions can cause development to stall and delay the release of software. In this guide, learn how static analysis solutions can secure applications without hindering fast development.
-
Powerful DDoS attacks leveraging IoT
By: Arbor Networks
Type: eGuide
A series of potent, record-setting DDoS attacks hit several targets in 2016 using IoT malware to infect and leverage a large number of internet connect devices. Inside this guide, experts reveal 11 key takeaways for this type of attack and real-world examples of companies suffering from the aftermath including Dyn.
-
5 principles for securing DevOps
By: Veracode, Inc.
Type: White Paper
Integrating security operations into pre-existing DevOps processes can yield numerous business benefits – including a measurable growth in both profit and revenue. Read this whitepaper to unlock the 5 principles of DevSecOps to help you get started.
-
Leverage Abstraction to Limit Headless Commerce Tech Debt
By: Nacelle
Type: Blog
IT leaders know that avoiding technical debt is critical to business success. For organizations that run distributed systems like those in headless and composable commerce, they must leverage abstraction to avoid serious architectural pitfalls and limit their technical debt. Read on to learn more about this concept and improve your TCO.
-
Enterprise Strategy Group showcase: CyberArk Secrets Manager
By: Amazon Web Services
Type: ESG Showcase
As part of the CyberArk Identity Security Platform, Secrets Manager, which includes Secrets Hub, can secure secrets across the entire organization with minimal impact on developers. Download this Showcase for an in-depth analysis of Secrets Manager performed by analysts from TechTarget’s Enterprise Strategy Group (ESG).
-
AWS Differences between Active and Passive IAST and how to get the best of both worlds
By: Contrast Security
Type: White Paper
Interactive Application Security Testing (IAST) is a relatively new technology that has caused a lot of confusion for not being clearly explained. This article sets out to clear the air. It will explain:What is IAST?What’s the difference between Active IAST & Passive IAST? Which approach is better for you?Access the paper here.
-
DevSecOps delivers better business
By: TechTarget ComputerWeekly.com
Type: eGuide
Firms need to consider the move from DevOps to DevSecOps. This e-guide focuses on the benefits of DevSecOps, paints a picture of the rise of this approach, and explains why using the right DevSecOps tools leads to more secure development. DevSecOps delivers better business, and it's time for you to find out how and why.
-
-
A Computer Weekly buyer's guide to secure and agile app development
By: TechTarget ComputerWeekly.com
Type: eGuide
As apps become increasingly integral to business operations, the importance of keeping them secure can never be overstated. In this 15-page buyer's guide, Computer Weekly looks at how firms can protect apps from ransomware, why app creation needs to happen at pace, and how to get the right balance between security and coding
-
A Computer Weekly buyer's guide to supply chain security
By: TechTarget ComputerWeekly.com
Type: eGuide
Organisations are increasingly taking the initiative when it comes to firming up their supply chain security. In this 15-page buyer's guide, Computer Weekly looks at data's role in enabling faster response times, the challenges firms face in increasing their cyber resilience and how the role of the IT security leader has evolved.
-
Application security: best practices and risks
By: TechTarget ComputerWeekly.com
Type: eGuide
Security professionals need to anticipate vulnerabilities from all the right perspectives, and that means testing apps for flaws on a regular basis, whether that means monthly, quarterly or following updates. Check out this e-guide, which include application security best practices, threat identification and security testing tips.
-
AWS-JFrog: DevSecOps, Developing and Leveraging a Culture of Security
By: JFrog
Type: eBook
In this eBook, you’ll discover how JFrog and AWS enable you to start creating a culture of security by combining your organization’s own guiding principles and the DevOps philosophy of working. Start reading now!
-
Securing software resellers & small businesses
By: Gen Digital
Type: White Paper
With limited resources, resellers and other small businesses are by no means immune and are in fact uniquely at risk of serious cyberattacks. Download this white paper to unlock 5 key best practices you can use to secure your organization
-
A Computer Weekly buyer's guide to continuous integration and continuous deployment
By: TechTarget ComputerWeekly.com
Type: eGuide
Continuous integration and continuous deployment offer a variety of advantages for software developers. In this 13-page buyer's guide, Computer Weekly looks at what changes are in its pipeline, assesses the cultural changes it brings and how it can deliver results at speed.
-
The state of the threat landscape.
By: CrowdStrike
Type: Analyst Report
The problem isn't malware — it's adversaries. To stop these adversaries, security teams must understand how they operate. In the 2023 Threat Hunting Report, CrowdStrike's Counter Adversary Operations team exposes the latest adversary tradecraft and provides knowledge and insights to help stop breaches.
-
Improved security and user experience with the Enterprise Browser
By: Island
Type: White Paper
Web browsers are designed to run third-party code directly on the endpoint. Many organizations use remote browser isolation (RBI) solutions to provide gateway infrastructure. Island saw the promise in these solutions, and decided to take them a step further, introducing them natively into their Enterprise Browser solution. Read on to learn more.
-
A guide to continuous software delivery
By: TechTarget ComputerWeekly.com
Type: eBook
Software empowers business strategy. In this e-guide we explore how to deliver new software-powered functionality for continuous business improvement.
-
Full Expel 2024 threat report: Insights & recommendations
By: Expel
Type: Research Content
Expel’s operators do a massive amount of analysis, triage, and complicated problem-solving—stopping intricate attacks every single day. That makes their observations exemplary of the true state of cybersecurity and its related threats. Download this report to explore all the key findings you can use to optimize your cybersecurity strategy in 2024.
-
2024 security report: Predictions from 3 CISOs
By: Checkpoint Software Technologies
Type: Research Content
In this 103-page research report by Check Point Software Technologies, access 2024 cybersecurity predictions, a timeline of cyber events in 2023, and much more.
-
Incident Response Report 2022
By: Palo Alto Networks Unit42
Type: Resource
The digital transformation, as well as the growing sophistication of cyberattacks have made cybersecurity a key concern for everyone in every part of a company. In this report, analysts investigate cyber-incidents from across the previous year, combining various metrics to provide insight into the modern threat landscape. Read on to learn more.
-
IT/OT convergence is necessary, but not so simple
By: TechTarget ComputerWeekly.com
Type: eGuide
This handbook outlines best practices for building a secure IT/OT convergence and integration strategy, as well as insights into why people may just be the most critical piece of the IT/OT convergence security equation.
-
Automated tools for the new EU Cyber Resilience Act
By: Cybellum
Type: Product Overview
With the Cyber Resilience Act (CRA) beginning implementation in 2024, organizations must be ready to meet the new requirements. Learn about the Cybellum Product Security Platform, a leading product cybersecurity assessment and management platform that provides comprehensive support for meeting CRA requirements, in this white paper.
-
2024 cybersecurity enhanced resilience checklist
By: Expel
Type: White Paper
Expel’s annual threat report is in for 2024, and it’s more relevant than ever. Identity-based threats are on the rise and companies are falling behind in the race to protect against known vulnerabilities. View this high-level checklist, distilled from Expel’s report, for actionable steps to enhance your 2024 cybersecurity strategy.
-
4 adversaries exploiting identities & how to stop them
By: CrowdStrike
Type: eBook
When hackers target your organization with phishing attacks and identity compromise threats, they are affectively forcing your workforce to act as your last line of defense. In this e-book, experts from CrowdStrike investigate the dangers of identity-based attacks, as well as how you can thwart them. Download now to learn more.
-
How identity protection fortifies the top entry point for adversaries
By: CrowdStrike
Type: eBook
Adversaries target identity and credentials because humans are easy to trick, credentials are like a master key, and identities are easy to monetize and span the entire enterprise. Download the eBook to learn how to combat these types of attacks with a combination of identity protection and threat intelligence.
-
Best practices for multi-factor authentication
By: Okta
Type: White Paper
Threat actors have taken advantage of hybrid work structures, ramping up social engineering initiatives with a distinct emphasis on phishing. This white paper is designed to provide best practices for fully leveraging the promise of multi-factor authentication (MFA), including upgrading to passwordless authentication. Read on to learn more.
-
Cybersecurity in hospitality: 2023 insights
By: Trustwave
Type: Research Content
Because of the sheer amount of sensitive data that hospitality organizations maintain, a data breach can cause major reputational damage. This report delves into the hospitality industry’s unique cybersecurity threat profile. Read on to learn about boosting your company’s security stance.
-
Enabling digital transformation safely & confidently
By: ServiceNow
Type: eBook
Your business is forced to defend against actual cyberthreats and potential ones. So, how can you bolster your security stance in the face of all these risks? Check out this e-book to discover 10 ways that a cloud-based platform with an integrative approach can help you do so.
-
CW ASEAN November 2016
By: TechTarget Security
Type: Ezine
Small businesses in the ASEAN region could unknowingly be allowing hackers to access large corporate networks.
-
Guide to CMS security best practices & protocols
By: BrightSpot
Type: eBook
Today, a company’s content management system (CMS) has become highly vulnerable to cyberattacks. However, understanding the keys to proper CMS security can be difficult, making the efforts to do seem daunting. Browse this guide to learn more.
-
Application security: More important than ever
By: TechTarget ComputerWeekly.com
Type: eGuide
In this e-guide we look at why application security is more important than ever due to traditional software and cloud-based, web and mobile applications playing an increasingly important role in business.
-
DDoS mitigation services: What your organization should consider
By: Arbor Networks
Type: eGuide
Our experts discuss various DDoS mitigation services and what your organization should consider before implementing cloud DDoS protection. Then, uncover the various types of DDoS attacks and the steps to take towards a more secure and reliable future.