Download this next:

Mitigate these 3 risks to container & IaC security

Given the proliferation of sophisticated cyberthreats, securing your organization’s cloud-native applications is no simple task. But you can bolster your defenses by augmenting your container and IaC (infrastructure as code) security.

To help you do so, this e-book highlights 3 prevalent risks to container and IaC security, including misconfigurations in IaC files, and explains how to mitigate those risks with a holistic approach to security.

Continue on to unlock these insights.

These are also closely related to: "Broken Access Controls"

  • Developer’s guide to secure coding

    Today’s cybercriminals have your applications and software in their crosshairs. As a result, delivering secure code has never been more important.

    But what, exactly, are the common software vulnerabilities you need to know about? How do attackers exploit them? And what should you do to prevent a breach?

    This 31-page eBook answers all these questions and more, providing a roadmap to secure coding in practice. Topics covered inside include:

    • A brief history of hacking
    • 4 key pillars of secure coding
    • How to deliver safer code faster
    • And more

  • 6 key criteria for developer-first secrets scanning solutions

    Hardcoding secrets enables developers to seamlessly access or authenticate the services needed to build and deploy applications. But those secrets, if not stored securely, present a huge risk.

    This checklist presents 6 key criteria that you should use when evaluating a potential secrets-scanning solution, including:

    • Scans both application code and infrastructure as code files
    • Developer-Friendly Integrations
    • A Multidimensional Approach to Secrets Scanning
    • And 3 more

    Download now to learn more.

Find more content like what you just read:

  • BadUSB 2.0: Exploring USB man-in-the-middle attacks

    This article in our Royal Holloway Security Series explores the uses and capabilities of rogue USB hardware implants for use in cyber espionage activities.

  • Urban Myths About Secure Coding

    Urban myths, whether rooted in reality or fabricated entirely, have the power to change perception. Read this e-book which is designed to rectify these misconceptions by presenting six common urban myths about secure coding and giving practical guidance for how to overcome them.

  • Toughening up web and mobile application security

    In this e-guide, read more about the best practices for web application security, how to balance app innovation with app security, why API security needs to be part of your defence strategy, and what are the top tools to keep your applications safe, among other trends.

  • SAST vs. DAST: What Are the Differences and Why Are They Both Important?

    If you only use SAST, you miss out on detecting critical flaws from open source vulnerabilities and configuration errors. The more application security scan types you employ, the more flaws you uncover. This infographic dives deeper into the differences between SAST and DAST, and establishes the benefits of using both scan types in unison.

  • How Do Vulnerabilities Get into Software?

    Despite the best efforts of IT security teams, vulnerabilities in applications are bound to happen. In fact, research shows that 3 out of 4 apps produced by software vendors fail to meet security standards. Download this white paper to discover the 4 most common causes that lead to software vulnerabilities and ensure your readiness.

  • Enterprise Strategy Group showcase: CyberArk Secrets Manager

    As part of the CyberArk Identity Security Platform, Secrets Manager, which includes Secrets Hub, can secure secrets across the entire organization with minimal impact on developers. Download this Showcase for an in-depth analysis of Secrets Manager performed by analysts from TechTarget’s Enterprise Strategy Group (ESG).

  • Application security: Understanding how software is protected

    According to a recent report, 76% of all software applications have some sort of a security flaw. Applications are often seen as products in and of themselves, but when they are given sensitive information, it is important that they also be secure. Access the full infosheet to learn more about the current state of application security.

  • Address vulnerabilities during app development

    While incorporating security into the development process makes sense in theory, the reality is that in the turmoil of development, security is often the first corner cut to save time. Veracode Fix emerges as a critical tool in the arsenal of application development teams and application security managers. Read on to learn more.

  • AI-based application testing: Simulate attacks at scale

    With advances in AI capabilities, hackers have leveraged the evolving technology to perform more sophisticated attacks at scale. If actual attacks are using AI, then simulated attack testing that is performed at scale using AI is as close a simulation to the real thing as one could hope for. Read on to learn more.

  • What security pros need to know about software development today

    Download this resource to learn about how software development tools and processes changed recently, challenges developers run into while trying to balance these new tools and processes, and what security professionals can do to get developers fully on board with security.

  • Stop sacrificing innovation for security

    Application security has evolved significantly over the past few years. Today, organizations are now running daily static scans, weekly dynamic scans, and at least weekly SCA scans. However, this is not just going through the motions. Having security at the front of mind allows teams to reduce risk and build resilience. Read on to learn more.

  • Navigating the GDPR

    Today’s businesses encounter not only rising cyberattacks but also regulations with stringent requirements. To help organizations navigate that challenging landscape, this white paper presents best practices for complying with the EU’s GDPR. Keep reading to unlock insights.

  • Powerful DDoS attacks leveraging IoT

    A series of potent, record-setting DDoS attacks hit several targets in 2016 using IoT malware to infect and leverage a large number of internet-connected devices. Inside this guide, experts reveal 11 key takeaways for this type of attack and real-world examples of companies suffering from the aftermath, including Dyn.

  • Learn application security in a practical way

    Application security is a hot topic in the digital-first era. Developers today face more cyber threats than ever before. Because of that, it is critical that all developers continue to enhance their skillset. For those developers who want to learn more about app security, but in a practical way, this eBook is what you need. Read on to learn more.

  • Your path to a mature AppSec program

    Due to the sensitive data they contain, applications are often the target of cyberattacks – and unfortunately, application security approaches are rarely equipped to handle today’s threats. Read this e-book to learn how to modernize your application security approach.

  • Web-facing applications: Security assessment tools and strategies

    Read this expert E-guide to find out how you can properly assess web application threats and the tools your organization can use for protection. Learn how to mitigate likely web application threats and how you can ensure your business is protected.

  • Sandnet++ – A framework for analysing and visualising network traffic from malware

    This article in our Royal Holloway Security Series looks at Sandnet++, a framework for analysing and visualising network traffic from malware.

  • How to choose the right AppSec vendor/offering

    The application security (AppSec) market is oversaturated with options, which can make finding the AppSec vendor/offering that best fits your unique needs a difficult task. Read this infosheet for some expert guidance to help get you started on your AppSec journey.

  • E-Guide: Preventing and detecting security vulnerabilities in Web applications

    The extent of fundamental security flaws in most applications often requires a re-architecture, but there are some secondary measures information security teams can take to safeguard faulty applications. This expert tip maps out the steps security professionals should take to lock down their Web applications.

  • Securing the entire software development pipeline with Veracode Static Analysis

    Developers need security testing solutions that can keep pace with rapid, agile development processes. Traditional AppSec solutions can cause development to stall and delay the release of software. In this guide, learn how static analysis solutions can secure applications without hindering fast development.

  • 5 principles for securing DevOps

    Integrating security operations into pre-existing DevOps processes can yield numerous business benefits – including a measurable growth in both profit and revenue. Read this whitepaper to unlock the 5 principles of DevSecOps to help you get started.

  • DevSecOps delivers better business

    Firms need to consider the move from DevOps to DevSecOps. This e-guide focuses on the benefits of DevSecOps, paints a picture of the rise of this approach, and explains why using the right DevSecOps tools leads to more secure development. DevSecOps delivers better business, and it's time for you to find out how and why.

  • The state of the threat landscape.

    The problem isn't malware — it's adversaries. To stop these adversaries, security teams must understand how they operate. In the 2023 Threat Hunting Report, CrowdStrike's Counter Adversary Operations team exposes the latest adversary tradecraft and provides knowledge and insights to help stop breaches.

  • Leverage Abstraction to Limit Headless Commerce Tech Debt

    IT leaders know that avoiding technical debt is critical to business success. Organizations that run distributed systems, like those in headless and composable commerce, must leverage abstraction to avoid serious architectural pitfalls and limit their technical debt. Read on to learn more about this concept and improve your TCO.

  • Expel’s comprehensive 2024 threat report: Predictions & insights

    Expel’s operators do a massive amount of analysis, triage, and complicated problem-solving—stopping intricate attacks every single day. That makes their observations exemplary of the true state of cybersecurity and its related threats. Download this report to explore all the key findings you can use to optimize your cybersecurity strategy in 2024.

  • Essential Guide to Threat Management

    Our Expert Essential Guide to Threat Management explores the best ways to defend against modern threats and targeted attacks. Malicious insiders have placed a bull’s eye on your organization’s back, waiting to strike at just the right time.

  • Application security: best practices and risks

    Security professionals need to anticipate vulnerabilities from all the right perspectives, and that means testing apps for flaws on a regular basis, whether that means monthly, quarterly or following updates. Check out this e-guide, which includes application security best practices, threat identification and security testing tips.

  • How identity protection fortifies the top entry point for adversaries

    Adversaries target identity and credentials because humans are easy to trick, credentials are like a master key, and identities are easy to monetize and span the entire enterprise. Download the eBook to learn how to combat these types of attacks with a combination of identity protection and threat intelligence.

  • Incident Response Report 2022

    The digital transformation, as well as the growing sophistication of cyberattacks, has made cybersecurity a key concern for everyone in every part of a company. In this report, analysts investigate cyber-incidents from across the previous year, combining various metrics to provide insight into the modern threat landscape. Read on to learn more.

  • Information Security Essential Guide: Strategies for Tackling BYOD

    Let this e-book from our independent experts be your guide to all things related to mobile security in the face of the BYOD trend. Inside, you'll get helpful insight that will help you understand the ins and outs of mobile device management technologies, how to tackle the problem of mobile application security, and much more.

  • October Essentials Guide on Mobile Device Security

    The October issue of Information Security offers advice on controlling the onslaught of employee-owned devices in your workplace, mitigating the risks of mobile applications, and changing your thought process when it comes to securing the consumerization of IT.

  • IT in Europe: Taking control of smartphones: Are MDMs up to the task?

    In this Special European edition of Information Security magazine, gain key insight into the increasing risks of mobile devices and the strategies and tools needed to mitigate them. View now to also explore VDI security, cybersecurity threats, IT consumerization deluge, and much more.

  • AWS Differences between Active and Passive IAST and how to get the best of both worlds

    Interactive Application Security Testing (IAST) is a relatively new technology that has caused a lot of confusion for not being clearly explained. This article sets out to clear the air. It will explain: What is IAST? What’s the difference between Active IAST & Passive IAST? Which approach is better for you? Access the paper here.

  • A guide to continuous software delivery

    Software empowers business strategy. In this e-guide we explore how to deliver new software-powered functionality for continuous business improvement.

  • 4 Ways to Increase Developer Buy-In of AppSec

  • Best practices for multi-factor authentication

    Threat actors have taken advantage of hybrid work structures, ramping up social engineering initiatives with a distinct emphasis on phishing. This white paper is designed to provide best practices for fully leveraging the promise of multi-factor authentication (MFA), including upgrading to passwordless authentication. Read on to learn more.

  • Two-factor vs. multifactor authentication: Which is better?

    Two-factor authentication vs. multifactor authentication: Which is better? Access this e-guide to compare the two methods of authentication, and find out whether one is favored for securing cloud credentials.

  • Cybersecurity in hospitality: 2023 insights

    Because of the sheer amount of sensitive data that hospitality organizations maintain, a data breach can cause major reputational damage. This report delves into the hospitality industry’s unique cybersecurity threat profile. Read on to learn about boosting your company’s security stance.

  • Passwordless security: Securing with insecurity

    According to a recent study, the average person has over 100 passwords. But what if you didn’t need passwords at all? Download this e-book to learn more about adopting passwordless security and see how it could improve your organization’s identity security.

  • The state of penetration risk

    By studying new attacks, and analyzing adversarial behavior, organizations can better track and understand attackers, their goals and their tactics. Download this report on the state of penetration risk to unlock statistics and information that you can use to develop a threat-informed cybersecurity strategy for your organization.

  • Guiding Your Leadership Team Through the Zero Trust Mindset

    Zero trust identifies users and entities and grants them just the right amount of access as needed. In this e-book, LATAM Field Technology Director at CyberArk, Cláudio Neiva, leverages his 24 years of experience to break down the essential elements of zero trust. Read on to learn more.

  • Healthcare Organizations: Actionable Cybersecurity Insights

    In 2022, over 28.5 million healthcare records were breached, according to The U.S. Department of Health and Human Services. So, how can today’s healthcare organizations protect their records and defend against advanced threats? To unlock actionable insights, dig into this 46-page report.

  • When Every Identity is at Risk, Where Do You Begin?

    Today’s threat landscape is defined by three realities: new identities, new environments and new attack methods. As a result, every organization should expect a rise in identity-based cyberattacks. To defend against evolving threats, every identity must have the right level of intelligent privilege controls. Download this eBook.

  • Top Cybersecurity Threat Detections With Splunk and MITRE ATT&CK

    Organizations can combat cyber threats by aligning MITRE ATT&CK with Splunk’s Analytic Stories. The guide details tactics like reconnaissance and lateral movement, offering Splunk searches and playbooks for detection. Teams can then investigate and remediate. Access the full paper for pre-built detections and enhanced defense insights.

  • ISM Essentials Guide on Cloud and Virtualization Security

    Moving applications, development and data to the cloud means a new paradigm of IT and security management. You’ll need clear visibility into how data moves outside your organization, where it’s stored and who has access to it. This essential guide from ISM offers expert advice on security around your organization’s cloud computing efforts.

  • Top 10 CI/CD security risks you can't ignore

    Pipelines open new attack surfaces if not secured properly. In this 42-page eBook, learn key strategies to lock down your CI/CD environments and processes to avoid data breaches, compromised infrastructure, and failed audits.

  • Royal Holloway: Attack mapping for the internet of things

    The introduction of each internet-connected device to a home network increases the risk of cyber attack. This article in our Royal Holloway security series presents a practical model for investigating the security of a home network to evaluate and track what pathways an attacker may use to compromise it.
