The Office of Management and Budget (OMB) released a memorandum on August 10, 2021, in response to Executive Order (EO) 14028, Improving the Nation’s Cybersecurity. The EO recognizes the importance of software security to protect against malicious cyber attacks that threaten the American people’s security…
Is it good? Ask the developer!
We’re so used to the image of the “security guy” who takes care of all the cybersecurity needs in the company that it keeps security siloed and makes progress impossible. We have to get rid of that image and realize that in some cases, notably…
Black Hat 2021: What we don’t know may be the greatest cybersecurity threat
I always come away from the Black Hat USA cybersecurity conference having learned something new, feeling inspired, and imbued with just the right amount of angsty determination to do my part to help improve what is, in my opinion, one of the most pressing collective…
DIY security – are you doing it right?
There is no tool in the world that can fully replace a human when it comes to finding web vulnerabilities. A skilled security researcher is always able to find more than an automated scanner. There is just one problem. With a ratio of thousands of…
5 reasons why every MSSP needs a professional web application security solution
Managed security service providers (MSSP) are a fantastic alternative for small to medium-sized organizations whose primary objectives are to hire employees that are business-focused, not recruit teams of IT and security professionals who, whilst valuable to the security of the organization are not contributors to…
Cybersecurity metrics for web applications
Small and mid-sized businesses are able to manage their information security, including web application security, in a very direct fashion. The numbers of assets, vulnerabilities, and incidents are low enough for the security manager to be able to have a clear view of IT security…
Setting and achieving your application security goals
Ensuring application security and resilience is largely a technical endeavor. From source code development to vulnerability and penetration testing and all the variables in between, there are a lot of moving parts on the technical side. It’s important, however, to remember the soft side of…
Bouncing back: how your agency can handle disruption and embrace resilience
Invicti, the company behind Acunetix and Netsparker, has been securing public sector web applications for years, working with prominent agencies such as NIH, DOT, and the United States Armed Forces. As part of GovLoop’s Cyber Resiliency Guide, Bouncing Back: How Your Agency Can Handle Disruption and…
What is SCA and why you need it
The security of your business depends not just on your code but on the entire supply chain, which includes third-party components. The more third-party components you use, the more likely it is that a vulnerability in your web application will be a result of third-party…