• Skip to main content
  • Skip to primary sidebar
  • Skip to footer

DevelopSec

  • Home
  • Podcast
  • Blog
  • Resources
  • About
  • Schedule a Call

security testing

October 23, 2024 by James Jardine

Application Security Starts With IT

Building secure applications has to start with the IT department. We have fought the battle for far to long in trying to have a different group responsible for securing our applications. Whether you call it application security, product security, devsecops, or something else. It just doesn't work. These different groups can help in identifying and implementing some processes, but secure code starts with the development team. If we really want to start building more secure applications we have … [Read more...] about Application Security Starts With IT

Filed Under: General Tagged With: app sec, app testing, application security, product security, secure development, security testing

March 26, 2024 by James Jardine

QA Can Do Security Testing

Does your appsec team struggle with trying to perform security testing on all of your applications? Do you struggle with trying to find more resources for your team to scale your team?  What is your relationship with the QA team? Often times, we focus on the developers and overlook the QA team. Why? QA engineers are professional testers. The big difference is that they focus on verifying functionality works instead of focusing on how functionality could be mis-used. This shouldn't be a reason … [Read more...] about QA Can Do Security Testing

Filed Under: General, Training Tagged With: AppSec, product security, qa security, secure development, security, security testing

November 29, 2023 by James Jardine Leave a Comment

HTTPS Isn’t Just For Sensitive Info

When we think about HTTP vs. HTTPS, we often focus on the risk to sensitive information. HTTP transmits our data in clear-text, while HTTPS encrypts the data to stop people from snooping. But that is not all that HTTPS does. What about tampering? One of the other key aspects of HTTPS is to protect our communication with the server from tampering. In this case, we would be concerned with someone being able to manipulate the responses that are sent back to the user's browser. While no sensitive … [Read more...] about HTTPS Isn’t Just For Sensitive Info

Filed Under: General Tagged With: application security, AppSec, development, sdlc, secure development, security, security awareness, security testing, testing

August 22, 2023 by James Jardine Leave a Comment

Don’t Shift Left, Expand

The last few years the biggest buzzword was shifting left. You have seen it everywhere. The concept is pretty simple when you think about the evolution of application security. We started out with a huge focus on penetration testing and providing a report back to the development team. The majority of organizations didn't have application security teams, and if they did, they were usually pretty small and limited in function. This method of app security was easy because it was in a time where … [Read more...] about Don’t Shift Left, Expand

Filed Under: General Tagged With: app sec, AppSec, penetration test, sdlc, secure sdlc, security, security awareness, security testing

August 15, 2023 by James Jardine Leave a Comment

Client vs. Server Validation

How many times have we thrown a vulnerability over to the development team assuming they understand what the issue is? How many times have we sat with the development team to show them what we do? This isn't a point of showing how to attack to build up the next generation of security people. Instead, it is focused on showing the development team how at attacker looks at their application so they better understand the issue identified.  Let's walk through a really simple scenario You have an … [Read more...] about Client vs. Server Validation

Filed Under: General Tagged With: app sec, app testing, AppSec, sdlc, secure application, secure development, security, security testing

January 19, 2023 by James

The risk of Spell Checking

Did you know that input fields on a web form support spell checking by default in many web browsers? This is a feature of the browser that can help catch errors early for the end user. Recently, some testers found that some data may be leaked during the spell checking function to 3rd parties. Here is a reference article describing this: https://www.darkreading.com/application-security/spellchecking-google-chrome-microsoft-edge-browsers-leaks-passwords The first point to make here is this is … [Read more...] about The risk of Spell Checking

Filed Under: General, News Tagged With: AppSec, developsec, secure coding, security, security testing

  • Go to page 1
  • Go to page 2
  • Go to page 3
  • Interim pages omitted …
  • Go to page 8
  • Go to Next Page »

Primary Sidebar

Contact Us:

Contact us today to see how we can help.
Contact Us

Footer

Company Profile

Are you tackling the challenge to integrate security into the development process? Application security can be a complex task and often … Read More... about Home

Resources

Podcasts
DevelopSec
Down the Security Rabbithole (#DTSR)

Blogs
DevelopSec
Jardine Software

Engage With Us

  • Email
  • GitHub
  • Twitter
  • YouTube

Contact Us

DevelopSec
Email: james@developsec.com



Privacy Policy

© Copyright 2018 Developsec · All Rights Reserved