Dr. Soumyo Maity
Security Testing

Security testing is a systematic process of evaluating an information system or product for vulnerabilities that could be exploited by attackers. It is an important part of any organization’s security program, as it can help to identify and fix security flaws before they can be exploited. There are a variety of different security testing methods that can be used, depending on the specific needs of the organization. Some of the most common methods include:

November 15, 2022
Grey Box Testing

What is Grey Box Testing?

Grey box testing is a type of software testing that combines elements of black box testing and white box testing. In black box testing, the tester has no knowledge of the internal workings of the software being tested. In white box testing, the tester has full knowledge of the internal workings of the software being tested. Grey box testing falls somewhere in between these two extremes.

May 12, 2022
Integration Testing: The Next Step in Software Testing

Integration testing is a type of software testing that is conducted to verify the interfaces and interactions between software modules. It is the next step in software testing, after unit testing. The goal of integration testing is to ensure that the different modules of a software system work together correctly. This is done by testing the interfaces between the modules, as well as the interactions between the modules. Integration testing can be conducted using a variety of methods, including:

October 6, 2021
Application Security Testing: Protecting Your Apps

Application security testing (AST) is the process of identifying and mitigating security vulnerabilities in software applications. AST can be performed at any stage of the software development lifecycle (SDLC), from design and development to testing and deployment. There are a number of different AST techniques, including:
  • Static application security testing (SAST): SAST tools analyze the source code of an application to identify potential security vulnerabilities.
  • Dynamic application security testing (DAST): DAST tools interact with an application in its running state to identify potential security vulnerabilities.

May 4, 2021
Web Application Security Testing (WAST)

Web application security testing (WAST) is the process of identifying and assessing security vulnerabilities in web applications. It is an important part of any organization’s information security program. WAST can be conducted manually or using automated tools. Manual WAST is typically more thorough, but it can be time-consuming and expensive. Automated WAST is less thorough, but it can be conducted quickly and easily. The results of a WAST can be used to prioritize security efforts, to develop mitigation strategies, and to improve the overall security posture of an organization.

February 14, 2021
Static Application Security Testing (SAST): A Deep Dive

Static application security testing (SAST) is a type of software testing that analyzes source code for potential security vulnerabilities. SAST tools can be used to scan for a wide range of vulnerabilities, including injection attacks, buffer overflows, and SQL injection. SAST is a valuable tool for organizations of all sizes. By identifying and fixing security vulnerabilities early in the development process, SAST can help to prevent attackers from exploiting these vulnerabilities to gain unauthorized access to systems and data.

January 17, 2021
Fuzz Testing: A Black-Box Testing Technique

Fuzz testing is a black-box testing technique that can be used to find security vulnerabilities in software. Fuzz testing works by feeding random or unexpected input to a software application and then observing the application’s response. If the application crashes or behaves unexpectedly, it may be vulnerable to a security attack. Fuzz testing is a powerful tool for finding security vulnerabilities, but it is important to note that it is not a silver bullet.

November 2, 2020
Mobile Application Security Testing

Mobile applications are becoming increasingly popular, as they offer a number of benefits, such as convenience, portability, and flexibility. However, mobile applications also introduce new security challenges. Mobile application security testing is the process of identifying and mitigating security vulnerabilities in mobile applications. It is a critical part of the mobile application development lifecycle, as it can help to prevent security breaches and protect users from malicious attacks. There are a number of different methods that can be used to test mobile application security.

August 2, 2020
Dynamic Application Security Testing (DAST): A Hands-On Approach

Dynamic application security testing (DAST) is a type of security testing that scans a web application for vulnerabilities while it is running. DAST tools send simulated attacks to the application and then analyze the application’s responses to identify potential vulnerabilities. DAST is a valuable tool for identifying security vulnerabilities in web applications. However, it is important to note that DAST is not a silver bullet. DAST tools cannot find all vulnerabilities, and they can sometimes generate false positives.

December 27, 2019

© Soumya Maity, 2023