Working with Scan Results Using the Veracode Visual Studio Extension

In this video, you will learn how to download, import, and view Veracode scan results using the Veracode Visual Studio Extension. You will also learn how to mitigate findings discovered during the scan in Visual Studio. When the Veracode scan of your application has completed successfully, you can download the scan results to your local machine using the Veracode Visual Studio Extension or directly from the Veracode Platform. You can also use the Veracode Visual Studio Extension to propose mitigations for flaws discovered in your application during scanning.

Automate DAST in DevSecOps With JFrog and NeuraLegion

NeuraLegion’s VP Oliver Moradov takes us through how you can use JFrog and NeuraLegion to automate AppSec testing in your pipelines. The days of long release cycles are well and truly behind us — it is simply not feasible in our agile development world, with developers delivering software and more features at an unprecedented scale and speed. With DevOps, we have multiple development teams running multiple concurrent builds, which is great, but security testing has not kept up.

What is cybersecurity testing? Reviewing testing tools, methodologies for proactive cyber readiness

This article was written by an independent guest author. Your organization may boast all the best cybersecurity hardware, software, services, policies, procedures and even culture. If this is the case, you’re way ahead of the curve. But no matter how confident you are about your overall cybersecurity posture, how can you really know? That is where cybersecurity testing comes in.

Gray Box Testing Guide

In order to develop stable and secure applications, you need to inspect and verify that your software performs as expected. The most common approaches to testing software are white box testing, black box testing, and gray box testing. While white box testing and black box testing have their pros and cons, gray box testing combines the two testing approaches in an attempt to overcome their deficits.

Create and Run an Unauthenticated Dynamic Analysis

In this video, you will learn how to create, configure, and schedule an unauthenticated Dynamic Analysis. An unauthenticated Dynamic Analysis scan is appropriate when the site you are scanning does not require a login. Veracode Dynamic Analysis also supports the scanning of websites that require authentication, such as login via a web form, browser-based authentication, or NTLM.

Everything You Need to Know About Web Socket Pentesting

WebSocket is a bi-directional, full-duplex communications protocol initiated over HTTP. WebSockets are commonly used in modern web applications for streaming data, chat applications, and other asynchronous traffic. Unlike HTTP's request/response model, the protocol lets the client and server send messages over the channel at the same time.

Nature vs. Nurture Tip 3: Employ SCA With SAST

For this year’s State of Software Security v11 (SOSS) report, we examined how both the “nature” of applications and how we “nurture” them contribute to the time it takes to close out a security flaw. We found that the “nature” of applications – like size or age – can have a negative effect on how long it takes to remediate a security flaw.

The MITRE ATT&CK framework and scenario-based security testing

Statistics routinely collected and assessed as part of network and endpoint monitoring include events per second, alerts and false positives, with success often benchmarked by the time to detect, respond and recover. Incorporating scenario-based testing into the threat detection process allows organisations to obtain additional insight into the true effectiveness of detection and response controls and procedures by benchmarking performance against the attributes of specific types of attacks.

Defense in Depth: Why You Need DAST, SAST, SCA, and Pen Testing

When it comes to application security (AppSec), most experts recommend using Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST) as “complementary” approaches for robust AppSec. However, these experts rarely specify how to run them in a complementary fashion.

Red Team Tools Detection and Alerting

The FireEye breach on Dec 8, 2020, was executed by a “nation with top-tier offensive capabilities.” These hackers got hold of FireEye’s own toolkit, which they can use to mount new attacks globally. What does this mean for you? Mandiant is a leading Red Team/Penetration Testing company with a highly sophisticated toolkit, called the "Red Team tools." These are digital tools that replicate some of the best hacking tools in the world.