Download this next:

Mitigate these 3 risks to container & IaC security

Given the proliferation of sophisticated cyberthreats, securing your organization’s cloud-native applications is no simple task. But you can bolster your defenses by augmenting your container and IaC (infrastructure as code) security.

To help you do so, this e-book highlights 3 prevalent risks to container and IaC security, including misconfigurations in IaC files, and explains how to mitigate those risks with a holistic approach to security.

Continue on to unlock these insights.

These are also closely related to: "Broken Access Controls"

  • Developer’s guide to secure coding

    Today’s cybercriminals have your applications and software in their crosshairs. As a result, delivering secure code has never been more important.

    But what, exactly, are the common software vulnerabilities you need to know about? How do attackers exploit them? And what should you do to prevent a breach?

    This 31-page eBook answers all these questions and more, providing a roadmap to secure coding in practice. Topics covered inside include:

    • A brief history of hacking
    • 4 key pillars of secure coding
    • How to deliver safer code faster
    • And more

  • 6 key criteria for developer-first secrets scanning solutions

    Hardcoding secrets enables developers to seamlessly access or authenticate the services needed to build and deploy applications. But those secrets, if not stored securely, present a huge risk.

    This checklist presents 6 key criteria that you should use when evaluating a potential secrets-scanning solution, including:

    • Scans both application code and infrastructure as code files
    • Developer-Friendly Integrations
    • A Multidimensional Approach to Secrets Scanning
    • And 3 more

    Download now to learn more.

Find more content like what you just read:

  • BadUSB 2.0: Exploring USB man-in-the-middle attacks

    This article in our Royal Holloway Security Series explores the uses and capabilities of rogue USB hardware implants for use in cyber espionage activities.

  • The Strategic Imperative for Software Supply Chain Security

    Download the whitepaper to learn about:

    • The importance of software supply chain security in the era of DevOps
    • The risks associated with third-party components and DevOps practices
    • 6 key steps for securing the software supply chain
    • How to secure your software supply chain with JFrog

  • Urban Myths About Secure Coding

    Urban myths, whether rooted in reality or fabricated entirely, have the power to change perception. Read this e-book which is designed to rectify these misconceptions by presenting six common urban myths about secure coding and giving practical guidance for how to overcome them.

  • Toughening up web and mobile application security

    In this e-guide, read more about the best practices for web application security, how to balance app innovation with app security, why API security needs to be part of your defence strategy, and what are the top tools to keep your applications safe, among other trends.

  • SAST vs. DAST: What Are the Differences and Why Are They Both Important?

    If you only use SAST, you miss out on detecting critical flaws from open source vulnerabilities and configuration errors. The more application security scan types you employ, the more flaws you uncover. This infographic dives deeper into the differences between SAST and DAST, and establishes the benefits of using both scan types in unison.

  • How Do Vulnerabilities Get into Software?

    Despite the best efforts of IT security teams, vulnerabilities in applications are bound to happen. In fact, research shows that 3 out of 4 apps produced by software vendors fail to meet security standards. Download this white paper to discover the 4 most common causes that lead to software vulnerabilities and ensure your readiness.

  • Enterprise Strategy Group showcase: CyberArk Secrets Manager

    As part of the CyberArk Identity Security Platform, Secrets Manager, which includes Secrets Hub, can secure secrets across the entire organization with minimal impact on developers. Download this Showcase for an in-depth analysis of Secrets Manager performed by analysts from TechTarget’s Enterprise Strategy Group (ESG).

  • Application security: Understanding how software is protected

    According to a recent report, 76% of all software applications have some sort of a security flaw. Applications are often seen as products in and of themselves, but when they are given sensitive information, it is important that they also be secure. Access the full infosheet to learn more about the current state of application security.

  • Address vulnerabilities during app development

    While incorporating security into the development process makes sense in theory, the reality is that in the turmoil of development, security is often the first corner cut to save time. Veracode Fix emerges as a critical tool in the arsenal of application development teams and application security managers. Read on to learn more.

  • AI-based application testing: Simulate attacks at scale

    With advances in AI capabilities, hackers have leveraged the evolving technology to perform more sophisticated attacks at scale. If actual attacks are using AI, then simulated attack testing that is performed at scale using AI is as close a simulation to the real thing as one could hope for. Read on to learn more.

  • What security pros need to know about software development today

    Download this resource to learn about how software development tools and processes changed recently, challenges developers run into while trying to balance these new tools and processes, and what security professionals can do to get developers fully on board with security.

  • Powerful DDoS attacks leveraging IoT

    A series of potent, record-setting DDoS attacks hit several targets in 2016 using IoT malware to infect and leverage a large number of internet-connected devices. Inside this guide, experts reveal 11 key takeaways for this type of attack and real-world examples of companies suffering from the aftermath, including Dyn.

  • Stop sacrificing innovation for security

    Application security has evolved significantly over the past few years. Today, organizations are now running daily static scans, weekly dynamic scans, and at least weekly SCA scans. However, this is not just going through the motions. Having security at the front of mind allows teams to reduce risk and build resilience. Read on to learn more.

  • Navigating the GDPR

    Today’s businesses encounter not only rising cyberattacks but also regulations with stringent requirements. To help organizations navigate that challenging landscape, this white paper presents best practices for complying with the EU’s GDPR. Keep reading to unlock insights.

  • Sandnet++ – A framework for analysing and visualising network traffic from malware

    This article in our Royal Holloway Security Series looks at Sandnet++, a framework for analysing and visualising network traffic from malware.

  • Your path to a mature AppSec program

    Due to the sensitive data they contain, applications are often the target of cyberattacks – and unfortunately, application security approaches are rarely equipped to handle today’s threats. Read this e-book to learn how to modernize your application security approach.

  • How to choose the right AppSec vendor/offering

    The application security (AppSec) market is oversaturated with an abundance of options, which can make finding an AppSec vendor/offering best fit for your unique needs a difficult task. Read this infosheet for some expert guidance to help get you started on your AppSec journey.

  • Leverage Abstraction to Limit Headless Commerce Tech Debt

    IT leaders know that avoiding technical debt is critical to business success. Organizations that run distributed systems like those in headless and composable commerce must leverage abstraction to avoid serious architectural pitfalls and limit their technical debt. Read on to learn more about this concept and improve your TCO.

  • Securing the entire software development pipeline with Veracode Static Analysis

    Developers need security testing solutions that can keep pace with rapid, agile development processes. Traditional AppSec solutions can cause development to stall and delay the release of software. In this guide, learn how static analysis solutions can secure applications without hindering fast development.

  • 5 principles for securing DevOps

    Integrating security operations into pre-existing DevOps processes can yield numerous business benefits – including a measurable growth in both profit and revenue. Read this whitepaper to unlock the 5 principles of DevSecOps to help you get started.

  • DevSecOps delivers better business

    Firms need to consider the move from DevOps to DevSecOps. This e-guide focuses on the benefits of DevSecOps, paints a picture of the rise of this approach, and explains why using the right DevSecOps tools leads to more secure development. DevSecOps delivers better business, and it's time for you to find out how and why.

  • The state of the threat landscape.

    The problem isn't malware — it's adversaries. To stop these adversaries, security teams must understand how they operate. In the 2023 Threat Hunting Report, CrowdStrike's Counter Adversary Operations team exposes the latest adversary tradecraft and provides knowledge and insights to help stop breaches.

  • Zero Trust at Scale: A Look Inside Cisco’s Zero Trust Integration Model

    In this guide, you will learn why Cisco invested in Zero Trust when remote work initially gained a foothold, how Cisco Zero Trust facilitates stakeholder engagement and buy-in, and more.

  • Securing software resellers & small businesses

    With limited resources, resellers and other small businesses are by no means immune and are in fact uniquely at risk of serious cyberattacks. Download this white paper to unlock 5 key best practices you can use to secure your organization.

  • Full Expel 2024 threat report: Insights & recommendations

    Expel’s operators do a massive amount of analysis, triage, and complicated problem-solving—stopping intricate attacks every single day. That makes their observations exemplary of the true state of cybersecurity and its related threats. Download this report to explore all the key findings you can use to optimize your cybersecurity strategy in 2024.

  • Improved security and user experience with the Enterprise Browser

    Web browsers are designed to run third-party code directly on the endpoint. Many organizations use remote browser isolation (RBI) solutions to provide gateway infrastructure. Island saw the promise in these solutions, and decided to take them a step further, introducing them natively into their Enterprise Browser solution. Read on to learn more.

  • Application security: best practices and risks

    Security professionals need to anticipate vulnerabilities from all the right perspectives, and that means testing apps for flaws on a regular basis, whether that means monthly, quarterly or following updates. Check out this e-guide, which includes application security best practices, threat identification and security testing tips.

  • 2024 security report: Predictions from 3 CISOs

    In this 103-page research report by Check Point Software Technologies, access 2024 cybersecurity predictions, a timeline of cyber events in 2023, and much more.

  • 4 adversaries exploiting identities & how to stop them

    When hackers target your organization with phishing attacks and identity compromise threats, they are effectively forcing your workforce to act as your last line of defense. In this e-book, experts from CrowdStrike investigate the dangers of identity-based attacks, as well as how you can thwart them. Download now to learn more.

  • How identity protection fortifies the top entry point for adversaries

    Adversaries target identity and credentials because humans are easy to trick, credentials are like a master key, and identities are easy to monetize and span the entire enterprise. Download the eBook to learn how to combat these types of attacks with a combination of identity protection and threat intelligence.

  • Incident Response Report 2022

    The digital transformation and the growing sophistication of cyberattacks have made cybersecurity a key concern for everyone in every part of a company. In this report, analysts investigate cyber-incidents from across the previous year, combining various metrics to provide insight into the modern threat landscape. Read on to learn more.

  • A guide to continuous software delivery

    Software empowers business strategy. In this e-guide we explore how to deliver new software-powered functionality for continuous business improvement.

  • AWS Differences between Active and Passive IAST and how to get the best of both worlds

    Interactive Application Security Testing (IAST) is a relatively new technology that has caused a lot of confusion for not being clearly explained. This article sets out to clear the air. It will explain: What is IAST? What’s the difference between Active IAST & Passive IAST? Which approach is better for you? Access the paper here.

  • 4 Ways to Increase Developer Buy-In of AppSec

  • Cybersecurity in hospitality: 2023 insights

    Because of the sheer amount of sensitive data that hospitality organizations maintain, a data breach can cause major reputational damage. This report delves into the hospitality industry’s unique cybersecurity threat profile. Read on to learn about boosting your company’s security stance.

  • Best practices for multi-factor authentication

    Threat actors have taken advantage of hybrid work structures, ramping up social engineering initiatives with a distinct emphasis on phishing. This white paper is designed to provide best practices for fully leveraging the promise of multi-factor authentication (MFA), including upgrading to passwordless authentication. Read on to learn more.

  • Two-factor vs. multifactor authentication: Which is better?

    Two-factor authentication vs. multifactor authentication: Which is better? Access this e-guide to compare the two methods of authentication, and find out whether one is favored for securing cloud credentials.

  • Passwordless security: Securing with insecurity

    According to a recent study, the average person has over 100 passwords. But what if you didn’t need passwords at all? Download this e-book to learn more about adopting passwordless security and see how it could improve your organization’s identity security.

  • Healthcare Organizations: Actionable Cybersecurity Insights

    In 2022, over 28.5 million healthcare records were breached, according to the U.S. Department of Health and Human Services. So, how can today’s healthcare organizations protect their records and defend against advanced threats? To unlock actionable insights, dig into this 46-page report.

  • Securing Remote Access

    As the network perimeter is now everywhere and anywhere users are, security must move with it and needs to be in place at the point of access. Download this e-book to learn how you can secure remote access and build user trust.

  • Top Cybersecurity Threat Detections With Splunk and MITRE ATT&CK

    Organizations can combat cyber threats by aligning MITRE ATT&CK with Splunk’s Analytic Stories. The guide details tactics like reconnaissance and lateral movement, offering Splunk searches and playbooks for detection. Teams can then investigate and remediate. Access the full paper for pre-built detections and enhanced defense insights.

  • Top 10 CI/CD security risks you can't ignore

    Pipelines open new attack surfaces if not secured properly. In this 42-page eBook, learn key strategies to lock down your CI/CD environments and processes to avoid data breaches, compromised infrastructure, and failed audits.

  • Royal Holloway: Attack mapping for the internet of things

    The introduction of each internet-connected device to a home network increases the risk of cyber attack. This article in our Royal Holloway security series presents a practical model for investigating the security of a home network to evaluate and track what pathways an attacker may use to compromise it.

  • Is your infrastructure orchestration platform secure?

    Because infrastructure orchestration platforms have access to data and configurations throughout a network, organizations must ensure that these platforms are secure. To learn about four key security components of such a platform, take a look through this overview.

  • The state of identity based threats

    Cyber threats are escalating as criminals employ advanced tactics to breach security. The Aberdeen report investigates the rise of identity-based threats, including MFA attacks, and offers security enhancement recommendations. Discover how to secure your organization against identity threats in the full Analyst Report.

  • A Computer Weekly buyer's guide to secure and agile app development

    As apps become increasingly integral to business operations, the importance of keeping them secure can never be overstated. In this 15-page buyer's guide, Computer Weekly looks at how firms can protect apps from ransomware, why app creation needs to happen at pace, and how to get the right balance between security and coding.

  • Access Management Buyer's Guide

    The modern workforce is rapidly becoming more mobile and hyperconnected, and attackers are taking note. But with attackers constantly innovating and finding new ways to bypass weaker multifactor authentication (MFA) implementations, how can you authorize users and devices without putting the network at risk?
