SECURITY INFLUENCERS BLOG

Security Influencers provides real-world insight and “in-the-trenches” experiences on topics ranging from software application security to DevOps and cloud security.


Third category of application security tools beyond "static" and "dynamic"?

Recently, Clark Coleman asked a very logical question about application security tools.


Waiter… there’s a fly in my appsec tool soup!!!

Brace yourself. Recent advances in application security are about to spawn an onslaught of application security tool vendors who think you absolutely must have their "complete" solution to protect your applications.

They want to sell you the old..


How to Get Started in Application Security

My OWASP Cheat Sheet for Cross-site Scripting (XSS) just passed 1M views, and I'm proud of that. It ain't Shakespeare, so that means a lot of people are actually interested in knocking out XSS.

Making application security accessible and..


Why the Java serialization vulnerability makes Heartbleed look tame - explained

I've been receiving questions from some of you to provide a bit more detail on why this Java vulnerability is so critical to fix...

Basically, why is this such a big deal? 

It’s a big deal because many enterprise applications are vulnerable. It’s..


How to protect your Apps from the Java Serialization Vulnerability

A widespread vulnerability in Java environments leaves thousands of businesses seriously exposed. Despite lacking a clever name — à la Heartbleed, Shellshock, and POODLE — this vulnerability is poised to allow hackers to do damage across the..


Staying Compliant with PCI DSS Can Be Easier Than You Think

 

What Does PCI DSS Compliance Mean?

In 2004, Visa, MasterCard, Discover, American Express, and JCB combined their minimum security standards for credit card processing together and crafted the Payment Card Industry Data Security Standard (PCI..


Contrast Security Solves Enterprise Application Security Challenges

Stops application-based attacks at unprecedented scale

Palo Alto, Calif. – March 25, 2015 – Contrast Security, creator of the world’s fastest application security software, today announced new Contrast Enterprise features that respond to the..


Why Do I Need Another Application Security Tool?

If you’re like most organizations, you’ve got an array of application security tools. Some of them are probably used a lot, some are incredibly irritating, some never seem to work, and some are shelfware. You’ve probably got a mix of open..


The Agony and the Ecstasy of Securing .NET Applications

Microsoft .NET applications can be just as vulnerable to attack as other apps. As with any other development platform, developers are often focused more on business functionality than on making sure their applications protect the data with..


Don’t Panic: Insecure Libraries Are Not the Apocalypse

The use of open source software has more than doubled from 6 billion to 13 billion component downloads per year. It’s almost impossible to imagine an application that doesn’t leverage a significant amount of open source code somewhere in the..

