Original Question: API scanning - Dynamic Token Strategy for Authentication by HansEnders
I found this question on one of our Fortify Unplugged videos, and have directed that user here for a better discussion than the Comments thread.
"Can you…
Technical Insights for You
When: Wednesdays across multiple time zones
Where: GoTo Webinar link provided to registered participants
Cost: Free
Register Now>
In this session we will look at identifying OSS risks with supply chain security…
Fortify: ScanCentral SAST Troubleshooting Tips, March 2nd
In this session we will…
Fortify: Jenkins integration, Feb 23rd
Speaker: Julio-Cesar Araya, WW Customer Support
In this session we will see an overview of the integration between Jenkins and…
Fortify and GitHub Actions, Feb 23
Build secure software fast with Fortify. Fortify offers end-to-end application security solutions with the flexibility of testing on…
When: Wednesdays across multiple time zones, beginning in January 2022
Fortify Performance Troubleshooting in WebInspect, Feb…
Fortify: SCC Setup and Migration, Feb. 16
An easy and flexible way to audit your…
Another Language Supported, Another Team Success for Fortify AppSec
Fortify application solutions continues to bring our market-leading SAST capabilities to new technologies so that more developers - regardless of…
The Developer’s Journey into AppSec
Many developers work in an ever-changing environment that puts speed-to-market as a high priority. Their time needs to be optimized, and workflow consistent so that their product…
Think beyond infrastructure
As more companies move operations to the cloud and look to streamline infrastructure management, adoption of GitOps is on the rise. GitOps is an effective way to streamline infrastructure management and directly impact…
With API growth, be ready to scale
With API use proliferating rapidly within enterprise IT environments, concerns over API security have been growing as well. The trend is driving interest in—and an emerging market for—extending application…
Please join us for 1, 2 or all 3 meetings in this series about the journey from WebInspect Enterprise to ScanCentral DAST and what to expect along the way.
Session One - The evolution and future of ScanCentral DAST, Wednesday, July 21
Session Two…
The world runs on software. That's one of the reasons applications are a prime target for cyber criminals and other threat actors seeking illicit gains from organizations. It's also why it's more important than ever to have a mature application security…
DevSecOps delivers resilience: How to build bridges with your dev team
Often short on resources, CISOs leading the security charge struggle to catch up with daily demands when it comes to overall security issues threatening…
Spot problems before you ship
Secure your code review: 8 key questions to ask
Whether you’re reviewing a team member’s pull request, pairing, or even reviewing your own code before deploying, code review provides…
Your code, your responsibility
5 best practices for shifting app sec to your development team
Development teams and security teams have traditionally had their own silos, their own functions, and their own tools and language. Developers create…
How your app sec approach can help decode and foil IoT attacks
To stay on top of IoT security, apply lessons from application security to your security stance. Here's what you need to know and how to get started.
API abuse is a growing cyber threat
APIs define a backdoor into adjacent systems and apps for those who are intent on gaining access, both legitimately and otherwise. See how to combat that in our new AppSec blog.
An insider's guide to better app sec
How to put the Threat Modeling Manifesto into action
The manifesto project resulted from the gathering of 15 passionate threat modeling people, throwing all of their collective knowledge, wisdom, and experience…
What is Open Source Security? | AppSec 101
In Episode 10 of our AppSec 101 series, Matt Stanchek discusses the basis of open source security, the risks involved with open source, and security best practices.
Why security champions are key
5 ways to make your low-code development more resilient
The security and resilience of low-code platforms and the resulting applications continue to be questionable. While many types of security issues—such as command…
The attached report gives you a list of accepted solutions in the discussion board over the past months/years.
Latest version - January 26, 2021, attached.
If you find that any post resolves your issue, please be sure to mark it as an…
Minimize weak links
Attacks move up the supply chain: 7 ways to secure your open source
Open-source software components have become essential to developers around the world—and that popularity made them a hacker magnet. The 'State of the Software…
Will AI delete your app sec job? 5 lessons for software teams
How much should software and application security teams worry? Here are five lessons from top experts that provide a reality check.