.NET SQL injection .NET SQL injection remains a critical risk. SQL injection in .NET continues to be one of the most prevalent threats to websites and applications. A .NET SQL injection is a security weakness in a .NET…

Agile SDLC Adding security to the agile SDLC While an agile software development lifecycle (agile SDLC) can dramatically increase the pace of development, many development teams have difficulty balancing the…

Agile Security Agile security is a must for software development While software development teams have often seen a conflict between Agile methods and secure development, agile security is the only way to ensure…

Agile Software Development Lifecycle What is Agile? The Agile Manifesto formally introduced the idea of Agile Software Development in 2001. Agile is a collection of software development methods used by groups of developers to quickly…

Android Hacking Introduction to Android Hacking - Hacking Applications, Hacking Tools and Resources, and How to Secure Your Android Device from Getting Hacked Since its inception in September 2008, the Android…

Android Security: Guide to Android OS Introduction to the Android Operating System and Android Security Features (including Android Application Security) Android is a Linux kernel mobile platform. Android runs on a wide range of devices…

App Security Testing Integrate app security testing into your entire SDLC. Web applications have become the primary vector for attacks, making app security testing critical to protecting the enterprise. With superior…

Application Control Audit Secure your software with an application control audit. An application control audit is designed to ensure that an application’s transactions and the data it outputs are secure, accurate and valid.…

Application protection Achieve application protection with cloud-based testing tools. It’s no wonder that application protection is a top priority for many organizations – software applications are the most-attacked part…

Application Security Assessment Common misconceptions about application security assessments For enterprises developing software, an application security assessment is essential to producing software that is free of flaws and…

Application Security Best Practices What are application security best practices? Web applications are the number one attack vector for data breaches, yet the majority of organizations fail to adopt application security best practices…

Application Security Risk The application security risk of third-party software. Managing application security risk has become increasingly complex as more enterprises rely on third-party applications when deploying or…

Application Security Tools: Securing Web Apps Deliver safer software with better application security tools The right application security tools can help development teams build safer software faster. Developers are always managing a balancing…

Application Security Vulnerability: Code Flaws, Insecure Code Understanding Application Vulnerabilities What is an Application Vulnerability? An application vulnerability is a system flaw or weakness in an application that could be exploited to compromise the…

Application Testing Tools for Web App Analysis Protect your software, use an application testing tool Application analysis is an important part of securing your enterprise. By identifying vulnerability in software before it is deployed or…

ARP Spoofing What Is ARP Spoofing? ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of…

Attacks Application Attack Types The following is an extensive library of security solutions articles and guides that are meant to be helpful and informative resources on a range of security solutions topics…

Automated penetration testing tools Increase application security with automated penetration testing tools. Automated penetration testing tools can be an invaluable part of your web application security toolkit. Web applications have…

Automated Web Testing Application Security Testing Improve application security with automated web testing. Automated web testing tools are a critical priority for development teams that need to increase application…

Black Box Analysis Black box analysis is essential to application security Dynamic Analysis Security Testing (DAST), also known as black box analysis, is a critical tool for securing web applications. Designed to find…

Black Box Testing Improve application security with black box testing Black box testing, also known as Dynamic Analysis security testing (DAST test), is an essential tool for achieving application security. Black box…

Blackbox Test Improve Application Security with a Blackbox Test Tool A blackbox test, also called a dynamic analysis security test (DAST test), is an invaluable part of any application security toolbox. Blackbox…

Blackbox Testing Techniques The Pros and Cons of blackbox testing techniques. Blackbox testing techniques – also known as dynamic analysis – are a crucial component of a comprehensive application security testing protocol.…

Cloud-based Security Cloud-based security platforms improve control over third-party software. When working with third-party software, a cloud-based security platform can help your development team ensure that code you’…

Code Review Tools Speed development with automated code review tools As development teams work to integrate security into the software development lifecycle (SDLC), the right code review tools can help to find…

Code Review: Code Review Tools Code review is an examination of computer source code. It is intended to find and fix mistakes introduced into an application in the development phase, improving both the overall quality of software…

Code Security Analysis Code security analysis is a must for competitive enterprises Security is a major aspect of business competitiveness today. An attack on the enterprise can reduce productivity, tie up resources, harm…

Common Web Application Vulnerabilities The following is an extensive library of security solutions, articles and guides that are meant to be helpful and informative resources on a range of Web vulnerability types, including, but not…

Computer Worm What is a computer worm? Computer worms are among the most common types of malware. They spread over computer networks by exploiting operating system vulnerabilities. Worms typically cause harm to…

Credentials Management Flaws Information, Tutorial, and Cheat Sheet What is a credentials management attack? What is the best way to handle passwords in Java, PHP, and other languages? How do you prevent credentials management flaws? How do you remediate credentials…

Cross Site Scripting Prevention Cross site scripting prevention requires strong application security. Solutions for cross site scripting prevention are on the rise as cross site scripting (XSS) attacks continue to plague…

Cross site scripting vulnerability The danger of a cross site scripting vulnerability. As the number of cross site scripting attacks, or XSS attacks, continues to rise, organizations must find effective solutions to identify and fix a…

CSRF Token Prevent a Cross-Site Request Forgery with a CSRF token. While Cross-Site Request Forgery (CSRF) continues to be a common attack on applications, organizations can easily prevent it with a CSRF token…

CWE Eliminate top CWE errors with Veracode. The Common Weakness Enumeration (CWE) is a list of weaknesses in software that can lead to security issues. While the CWE list is long, it is also prioritized…

DAST Assessment Increase application security with a DAST assessment. A dynamic analysis security testing assessment, or DAST assessment, is a crucial part of any web application security testing program. In a DAST…

DAST Test Benefits of a DAST test for application security A dynamic analysis security testing tool, or a DAST test, is an application security solution that can help to find certain vulnerabilities in web…

Data Breach Data Breach Survival Guide The Cost of a Data Security Breach As the number of internet-connected devices skyrockets into the billions, a data breach prevention strategy is an increasingly important…

Data Loss Prevention Guide: Learn Data Loss Tips Guide to Data Loss Prevention, Data Loss and Data Leakage Why Is Data Loss Prevention Important? According to a Gartner CISO survey, data loss prevention (DLP) is a top priority for CISOs. Data loss…

Data Security Ultimate Data Security Guide Protecting Your Data Security and Data Privacy The first step in protecting your enterprise's data privacy and security is to identify the types of information you want…

DevOps Testing Cloud-based tools can speed DevOps testing As DevOps transforms the software development process, development teams everywhere are searching for powerful DevOps testing tools that provide the speed…

DevSecOps DevSecOps requires powerful testing tools DevSecOps, or secure devops, is the mindset in software development that everyone is responsible for app security. By integrating developers with IT…

Directory Traversal What Is Directory Traversal? Directory traversal is a type of HTTP exploit that is used by attackers to gain unauthorized access to restricted directories and files. Directory traversal, also known…

Encapsulation Vulnerabilities What Is an Encapsulation Vulnerability? Encapsulation refers to a programming approach that revolves around data and functions contained, or encapsulated, within a set of operating instructions.…

Ethical Hacking Guide to Ethical Hacking: Tools and Free Tutorial on Ethical Hacking What Is Ethical Hacking? Computer hacking is a practice with many nuances. Intent, whether benign or malicious, is often in the…

Failure to Restrict URL Access Background on the OWASP Top 10 and Failure to Restrict URL Access Failure to Restrict URL Access is one of the common vulnerabilities listed on the Open Web Application Security Project’s (OWASP) Top…

Gray Box Testing Application security through gray box testing In application security testing, gray box testing (or grey box testing) is a combination of white box testing and black box testing, and can be an…

Insecure Cryptographic Storage Insecure Cryptographic Storage Defined Insecure Cryptographic Storage is a common vulnerability that occurs when sensitive data is not stored securely. Insecure Cryptographic Storage isn’t a single…

Insufficient Transport Layer Protection Insufficient Transport Layer Protection Tutorial: Learn About Insufficient Transport Layer Protection Vulnerabilities and Prevention Insufficient Transport Layer Protection Defined Insufficient…

iOS Security Guide: Data Protection Tips iOS Security Overview According to Apple’s iOS Security Guide, iOS security can be viewed in four layers: system architecture encryption and data protection network security device access iOS System…

JavaScript Security What Is JavaScript? JavaScript is a high-level, interpreted programming language that has been widely used since its release in 1995. JavaScript is currently the world’s 11th most popular programming…

Keylogger Keyloggers: Detectors, PC Monitors, Keylogger Software, What Is a Keylogger What Is a Keylogger? Keyloggers or keystroke loggers are software programs or hardware devices that track the activities (…

LDAP injection The danger of an LDAP injection LDAP injection is a type of attack on a web application where hackers place code in a user input field in an attempt to gain unauthorized access or information. Like…

Linux Hacking Learn about Linux Hacking Tools, How to Stop Hackers Background on Linux Linux is an open source operating system for computers. Linux is a Unix-like operating system, meaning that it supports…

Malicious Code What Is Malicious Code? Malicious code is the term used to describe any code in any part of a software system or script that is intended to cause undesired effects, security breaches or damage to a…

Microservices The challenge of making microservices secure. Microservices represent a decentralized approach to software development, where larger applications are broken down into smaller components, or…

Mobile app security testing Resolve vulnerabilities with mobile app security testing. With the rise of mobile Internet usage, mobile app security testing has become a critical part of protecting users and organizations from…

Mobile App Testing Secure mobile applications with superior mobile app testing. As you work to ensure the security of your mobile applications, the right mobile app testing solutions can help reduce cost and speed…

Mobile Code Security Improve the Security of Your Mobile Applications Mobile App and Mobile Code Security Risks There are two main categories of mobile code security risks: (1) malicious functionality and (2)…

Network security tools Add application testing to your network security tools. As companies strive to protect their computer systems, data and people from cyber attack, many have invested heavily in network security tools…

NIST Compliance Addressing NIST Special Publications 800-37 and 800-53 The National Institute of Standards & Technology (NIST), a non-regulatory agency of the U.S. Dept. of Commerce, is a measurement standards…

Open Source Vulnerabilities Open source vulnerabilities create serious risks. While open source software offers many benefits to enterprises and development teams, open source vulnerabilities pose significant risks to…

OWASP security Address OWASP security risks with Veracode. When you want to identify and remediate the Top Ten OWASP security threats, Veracode’s cloud-based services can help. The Open Web Application Security…

OWASP Testing Tools Enterprise application testing OWASP testing tools help remediate the biggest security threats. As you seek to focus your efforts at improving application security, acquiring OWASP testing tools is a…

OWASP Top 10 Vulnerabilities What is OWASP and the OWASP Top 10? The Open Web Application Security Project (OWASP) is a non-profit organization dedicated to providing unbiased, practical information about application security.…

Password Hacking How to Defend against Password Hacking Any way you look at it: your secret passwords are under attack. Computer hackers love to successfully defeat cryptography systems. Cybercriminals enjoy getting…

PCI security Veracode testing tools enable PCI security compliance. For software development organizations, complying with Payment Card Industry Data Security Standard 3.0 (PCI 3.0) requires an investment in…

Penetration Testing What Is Penetration Testing? Penetration Testing Defined There is a considerable amount of confusion in the industry regarding the differences between vulnerability scanning and penetration testing,…

PHP SQL injection test Protect your applications with a PHP SQL injection test. While SQL injection continues to be a major threat to PHP applications, organizations can easily prevent these potentially devastating attacks…

Preventing XSS Preventing XSS with a cloud-based testing solution While cross-site scripting (XSS) attacks continue to threaten enterprise security, preventing XSS attacks is simple – when you have the right tools…

Race Condition What Is a Race Condition Vulnerability? A race condition attack happens when a computing system that’s designed to handle tasks in a specific sequence is forced to perform two or more operations…

Reflected XSS The key to preventing a reflected XSS attack A reflected XSS attack is a kind of cross-site scripting attack, where malicious script is injected into websites that are trusted or otherwise benign.…

Role based access controls Improve security with role-based access controls. Role-based access controls are a method for restricting access to a network based on a user’s role within the organization. As threats to the network…

Rootkit: What is a Rootkit? Rootkit: What Is a Rootkit, Scanners, Detection and Removal Software What Is a Rootkit? A rootkit is a clandestine computer program designed to provide continued privileged access to a computer while…

Ruby on Rails Security Ruby on Rails Secure Development Guidelines What Is Ruby? Ruby is an object-oriented programming language. Ruby was first developed in the mid-1990s by Yukihiro "Matz" Matsumoto. Ruby supports…

SaaS Application Monitoring Find vulnerabilities in web apps with SaaS application monitoring. As organizations rely ever more heavily on web applications for critical business functions, SaaS application monitoring is quickly…

SaaS Application Security Protect software more effectively with SaaS application security services. Application security tools delivered as Software-as-a-Service (SaaS application security) provide real advantages over on-…

SDLC Agile Making your SDLC agile and secure While the agile software development lifecycle, or agile SDLC, can deliver applications with greater speed, balancing security with SDLC agile processes has…

Secure Applications The challenges of building secure applications quickly. For development teams racing to meet build deadlines, the need to deliver applications on time often trumps the need to deliver secure…

Secure Compliance Meeting requirements for secure compliance in software development. As governments enact more laws governing the security of information and punishing data breaches, organizations everywhere are…

Secure Development Lifecycle The following is an extensive library of security solutions articles and guides that are meant to be helpful and informative resources on a range of security solutions topics, from web application…

Secure DevOps Secure DevOps requires best-of-breed testing tools While DevOps is disrupting software development in powerful and productive ways, implementing DevOps testing and understanding how to secure DevOps…

Secure Software Development Lifecycle (SDLC) The Importance of Secure Development Lifecycle With the vast amount of threats that constantly pressure companies and governments, it is important to ensure that the software applications these…

Security DevOps Putting Security into DevOps The practice of DevOps is transforming the software development lifecycle (SDLC), bringing lessons learned from quality control in manufacturing to the design and…

Security Review Software Security Review Software, Enterprise Software Security Review, Code Security Review What Is a Software Security Review? The goal of a software security review is to identify and understand the…

Security testing tools for mobile applications Simplify security testing for mobile applications. When it comes to security testing for mobile applications, development teams have traditionally faced a tough dilemma. Traditional mobile app…

Security Vulnerability Assessment Software Vulnerability Assessment Software and Service, Scan and Identify Vulnerabilities in Code Get a Superior Alternative to Security Vulnerability Assessment Tools and Software Vulnerability assessment…

Session management The risk of broken session management. Broken authentication and session management is consistently one of the OWASP Top 10 Web Application Security Risks, and a vulnerability that developers must…

Software Code & Security Audit Three Critical Kinds of Software Audit There are many ways to “audit” a software application. Indeed the most basic kinds of software audit examine how the software is functionally configured,…

Software Code Security & Secure Code Analysis Software Code Security Protects the Enterprise The enterprise today is under attack from criminal hackers and other malicious threats. As the enterprise network has become more secure, attackers have…

Software containers How to secure software containers. Adoption of software containers has risen dramatically as more organizations realize the benefits of this virtualized technology. Software containers are…

Software Development Lifecycle (SDLC) What is a Software Development Lifecycle? SDLC Defined: SDLC stands for software development lifecycle. A software development lifecycle is essentially a series of steps, or phases, that provide a…

Software Security Testing Software Security Testing Provides Critical Protection The Importance of Software Security Assessments Software security testing offers the promise of improved IT risk management for the enterprise.…

Software Security Testing Tools What is Security Testing? A code security test analyzes how code is written and how it interacts with other objects in an environment to identify weaknesses or flaws that would allow an attacker to…

Software Testing Protect applications with integrated software testing solutions Software testing to find flaws and vulnerabilities in code is a critical part of the software development lifecycle (SDLC) – especially…

Software Testing Methodologies and Techniques There are a variety of different software testing methodologies development organizations use. The software testing technique an organization uses and the software testing lifecycle it follows are…

Software Testing Process As the enterprise network has become more secure, attackers have turned their attention to the application layer, which, according to Gartner, now contains 90 percent of all vulnerabilities. To…

Software Testing Tools Why Use Software Testing Tools? Most companies today will experience some form of attack from criminal hackers and other malicious threats. As the enterprise network has become more secure, attackers…

Source Code Analysis Superior source code analysis offers greater security As the enterprise today is under constant threat from malicious attacks, source code analysis has become a top priority. By reviewing internally…

Source Code Analyzer Source Code Security Analyzer Tool The enterprise today is under constant attack from criminal hackers and other malicious threats. As the enterprise network has become more secure, attackers have…

Spoofing Attack: IP, DNS & ARP What Is a Spoofing Attack? A spoofing attack is when a malicious party impersonates another device or user on a network in order to launch attacks against network hosts, steal data, spread malware or…

Spyware What Is Spyware? Although it sounds like something James Bond would employ, spyware is all too real. Spyware is any software that installs itself on your computer and starts covertly monitoring…

SQL cheat sheet Get the latest on SQL injection with an SQL cheat sheet. SQL injection, also known as SQL insertion, is a dangerous vulnerability that is highly prevalent in enterprise web applications. While SQL…

SQL Injection Attacks & How To Prevent Them The danger of SQL attacks. SQL attacks are among the most common threats to application security today. It takes relatively little skill to mount an SQL injection in .NET, Java or PHP, and the…

SQL Injection in Java Combating SQL injection in Java applications. SQL injection in Java web applications continues to be a significant threat to enterprise security. The reason: a Java SQL injection is remarkably easy…

SQL injection scanner Protect your applications with an SQL injection scanner. SQL injection continues to be a significant threat to application security, but the right SQL injection scanner can protect your software from…

Static Analysis: Static Analysis Tools and Platforms Veracode Is a Static Analysis Platform What Is Static Analysis? Static security analysis is one of the many code review tools that can be implemented without actually executing, or running, the…

Static Code Analysis What is Static Code Analysis? Static code analysis, also commonly called "white-box" testing, is one of Veracode's code review tools that looks at applications in a non-runtime environment. This…

The dangers of open source risk As the use of open source code in development projects continues to grow exponentially, software development teams must take great pains to address open source risk. Open source libraries can deliver…

Third-Party Risk Assessment How to make third-party risk assessment easier. When it comes to purchasing software, third-party risk assessment is more difficult today than ever. Applications – and web applications especially –…

Unit Testing The challenge of unit testing. Unit testing is a software testing method that has been gaining in use and popularity in recent years. By testing small individual units of source code as applications…

Vendor Application Security Testing VAST reduces the risk associated with third-party software — so you can innovate with more speed and confidence than ever. With VAST, we manage the entire third-party program for you as a cloud-based…

Vulnerability Assessment and Penetration Testing What Is Vulnerability Assessment and Penetration Testing? Vulnerability Assessment and Penetration Testing (VAPT) are two types of vulnerability testing. The tests have different strengths and are…

Vulnerability Management What Is Vulnerability Management? Vulnerability management can be defined as “the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities.”1 Organizations use…

Vulnerability Scanner Tools Vulnerability Scanning Enhances Enterprise Security Enterprise applications are under attack from a variety of threats. To protect the security of the enterprise, companies must be sure that their…

Web App Penetration Testing Achieve compliance with manual web app penetration testing. Web app penetration testing is a key security requirement for a variety of regulatory frameworks, from PCI DSS and GLBA to HIPAA and FISMA…

Web Application What is a Web Application? Simply put, a web application is any application that is accessed via a web browser. The browser is the client that runs the web application and allows the user to enter…

Web Application Audit Make a web application audit part of your SDLC. For app developers, a web application audit is the best way to ensure your app is secure before you release it and to prevent hacks, damage to…

Web Application Development: Secure Coding The challenge of secure web application development Secure web application development is acknowledged as a critical priority for every enterprise producing software. Yet fewer than 10% of security…

Web Application Monitoring Improve security with web application monitoring Web application monitoring solutions are quickly becoming an essential part of application security. Your organization increasingly relies on web and…

Web Application Penetration Testing Find more flaws with manual web application penetration testing. When searching for vulnerabilities in websites and web apps, manual web application penetration testing is essential. Automated…

Web application scanner Protecting software with a web application scanner. A web application scanner is a critical part of enterprise application security. Web applications are one of the most vulnerable aspects of…

Web Application Scanning Address vulnerabilities with web application scanning As organizations rely more heavily on digital marketing and online communication, web application scanning can help IT teams to monitor the web…

Web Application Security Standards Protecting software with web application security standards As web applications are now the #1 target in confirmed security breaches, development teams must adhere to web application security…

Web Application Security Testing Protect your enterprise with web application security testing Web application security testing is critical to protecting both your apps and your organization. Your web applications are likely to…

Web Application Testing Securing your organization with web application testing Web application testing is a critical tool in the defense against security threats to your software applications. Web applications are…

Web pen testing Web pen testing: a critical component of application security. Web penetration testing, or web pen testing, is an important part of ensuring that applications are free of vulnerabilities that could…

What is a worm What is a worm? Along with “computer virus,” the term “computer worm” has become a highly familiar phrase thanks to the rapid rise and media coverage of cyber threats in recent years. But what is a…

What is an integrated development environment What is an integrated development environment? In software development, an integrated development environment (IDE) is a central technology used by developers to write code. But what is an integrated…

What Is an Integrated Development Environment (IDE)? An integrated development environment (IDE) is an application that facilitates application development. IDEs are designed to encompass all programming tasks in one application. Therefore, IDEs offer…

What is IAST? Interactive Application Security Testing IAST (interactive application security testing) analyzes code for security vulnerabilities while the app is run by an automated test, human tester, or any activity “interacting” with the application…

What is SQL Injection What is SQL injection? With SQL injection attacks on the rise, many who aren’t experts on cybercrime are often hard-pressed to answer questions like “What is SQL injection and how do I prevent it?”…

What is Systems Development Life Cycle What is system development life cycle? The term “system development life cycle,” or SDLC, is tossed around frequently when talking about the software development process, but many people have only a…

What is Third-Party Software Security Third-party software, also known as supply chain, vendor-supplied or outsourced software, is any program or application that is not written exclusively by employees belonging to the company for which that…