• Skip to main content
  • Skip to primary sidebar
  • Skip to footer

DevelopSec

  • Home
  • Podcast
  • Blog
  • Resources
  • About
  • Schedule a Call

application security

January 31, 2023 by James Jardine Leave a Comment

Ep. 120: Addressing Root Cause – Vulnerable Components

In this episode we talk about addressing the root cause of an issue versus the symptoms. How can the process of keeping application components updated be improved? For more info go to https://www.developsec.com or follow us on twitter (@developsec). DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Transcript: In this episode, James talks about root cause analysis versus treating … [Read more...] about Ep. 120: Addressing Root Cause – Vulnerable Components

Filed Under: Podcast Tagged With: application security, application security program, developsec, secure development, security, vulnerable components

March 24, 2022 by James Jardine

Input validation is less about specific vulnerabilities

Security takes a layered approach to reduce the risk to our organization. Input validation is the perfect example of one of these layers. In most cases, input validation is 1 factor in a multi-pronged approach to protecting against common vulnerabilities. Take any course on secure development and they will, or should, mention input validation as a mitigating control for so many vulnerabilities. You might notice that it always comes with a but. Use input validation, but also use output … [Read more...] about Input validation is less about specific vulnerabilities

Filed Under: General Tagged With: app sec, applicaiton security, application security, developer security, developer training, input validation, qa, qa security, quality assurance, secure code

March 19, 2022 by James Jardine Leave a Comment

Is encoding really encoding if it is escaping?

The title might be confusing, let's see if we can clear it up. I saw an article the other day that was giving a comparison between encoding, encryption and hashing. There was a statement made that basically said: Encoding has no security purpose. I thought this was interesting because when training on security topics we mention encoding for specific use cases. For example, when we discuss Cross-Site Scripting, the answer is output encoding. I want to clarify that I agree with the statement … [Read more...] about Is encoding really encoding if it is escaping?

Filed Under: General Tagged With: application security, AppSec, cross-site scripting, developer training, training, vulnerability, xss

December 20, 2021 by James Jardine Leave a Comment

What is the difference between encryption and hashing?

Encryption is a reversible process, whereas hashing is one-way only. Data that has been encrypted can be decrypted back to the original value. Data that has been hashed cannot be transformed back to its original value. Encryption is used to protect sensitive information like Social Security Numbers, credit card numbers or other sensitive information that may need to be accessed at some point. Hashing is used to create data signatures or comparison only features. For example, user passwords … [Read more...] about What is the difference between encryption and hashing?

Filed Under: Questions Tagged With: application security, AppSec, crypto, encryption, hashing, questions, secure development, security awareness, security testing, training

December 19, 2021 by James Jardine Leave a Comment

Ep. 118: Log4J Sparking Thought on Vulnerable Components

Log4J has been the talk of the town recently and everyone is focused on the technical details of the specific vulnerabilities found. In this episode, James talks about the overarching ideas around dealing with vulnerable components. Are you vulnerable? If so, what needs to be done? Listen to the Episode: For more info go to https://www.developsec.com or follow us on twitter (@developsec). … [Read more...] about Ep. 118: Log4J Sparking Thought on Vulnerable Components

Filed Under: Podcast Tagged With: application security, application security program, AppSec, leadership, owasp, podcast, secure development, security training, training, vulnerable component

December 15, 2021 by James Jardine Leave a Comment

Log4J – Reflection and Progression

Open any social media platform or pull up any mainstream media and undoubtably, you have seen many posts/articles talking about the log4j vulnerability. If you haven't seen this, here is a quick link to catch up https://snyk.io/blog/log4j-rce-log4shell-vulnerability-cve-2021-4428/. This post is not going to be about log4j, nor is it going to go into any of the details the thousands of others articles out there would go through. Instead, I want to discuss this at a higher level. Log4j is just an … [Read more...] about Log4J – Reflection and Progression

Filed Under: General, Take-Aways Tagged With: 3rd party component, application security, AppSec, awareness, components, exploit, log4j, owasp, secure code, training, vulnerability, vulnerable component

  • Go to page 1
  • Go to page 2
  • Go to page 3
  • Interim pages omitted …
  • Go to page 10
  • Go to Next Page »

Primary Sidebar

Contact Us:

Contact us today to see how we can help.
Contact Us

Footer

Company Profile

Are you tackling the challenge to integrate security into the development process? Application security can be a complex task and often … Read More... about Home

Resources

Podcasts
DevelopSec
Down the Security Rabbithole (#DTSR)

Blogs
DevelopSec
Jardine Software

Engage With Us

  • Email
  • GitHub
  • Twitter
  • YouTube

Contact Us

DevelopSec
Email: james@developsec.com



Privacy Policy

© Copyright 2018 Developsec · All Rights Reserved