Code Dx Application Security Blog

Video conferencing security: “Zoom and doom”  demonstrates AppSec threat

Video conferencing security: “Zoom and doom” demonstrates AppSec threat

“Zoom and doom” and “Zoom bombing” are taking over headlines as the Zoom video conferencing app experiences very public security problems. As the coronavirus social distancing requirement spread, Zoom usage increased by 1,900 percent between December and March, increasing from 10 million to 200 million daily users. Zoom wasn’t ready for the increased demand and the added exposure to security threats that came with it.

read more
How to create an effective application security budget for your organization

How to create an effective application security budget for your organization

Cyber security is a broad area, including several items such as network security and application security. If you are a CISO responsible for the cyber security budget, you know that proper protection is key. Cyber attacks can cost your business more than a million dollars, and that number is based on conservative estimates. The real cost of an attack includes damage to your reputation, future lost sales, and plummeting stock prices.

read more
Network security vs. application security: Why you need both for strong enterprise risk management

Network security vs. application security: Why you need both for strong enterprise risk management

It can be challenging to juggle both application and network security and know how many of your resources you should devote to each program. Organizations often take an either/or approach, focusing more attention on either application security or network security. However, both are equally important for a comprehensive enterprise risk management strategy.

read more
Gartner names Code Dx in its AppSec Hype Cycle Report

Gartner names Code Dx in its AppSec Hype Cycle Report

Code Dx has been named in Gartner’s 2019 Application Security Hype Cycle Report in a key emerging market area: Application Security Orchestration and Correlation (ASOC). Yearly, Gartner produces a report that details the current state of the Application Security Marketplace, including emerging and fading market area trends.

read more
How to manage IoT application security vulnerabilities more efficiently

How to manage IoT application security vulnerabilities more efficiently

As the number of IoT applications and devices continues to grow, so does the need for improved IoT security—yet the reality is we have a long way to go. A recent article pointed out that more than 2 million security cameras, doorbells, and even baby monitors contain serious IoT vulnerabilities. The worst part is there is no known patch for the common flaws in these everyday devices. 

read more
Common application security challenges & how to overcome them

Common application security challenges & how to overcome them

Application security challenges lie not only in the threats and application vulnerabilities themselves, but also in the processes and approaches taken within the organization to manage application security. A closer look at some of the top application security challenges from both a threat standpoint and a business management view can help you avoid some of the most common pitfalls.

read more
Vulnerability Management: Is 100% code and vulnerability coverage realistic?

Vulnerability Management: Is 100% code and vulnerability coverage realistic?

In the world of application security testing, the terms “code coverage” and “vulnerability coverage” are frequently used. But what do they really mean? Essentially, code coverage is the amount of the code that is scanned to identify potential vulnerabilities in a software application. Vulnerability coverage refers to the number of defects or system misconfigurations in the software code that could pose potential threats.

read more
Each SAST tool only discovers about 14% of the vulnerabilities in your code

Each SAST tool only discovers about 14% of the vulnerabilities in your code

An essential element of the application development process is scanning the software to find potential vulnerabilities. Static Application Security Testing tools are notorious for returning lots of results (often thousands, even for relatively small applications), which can overwhelm a developer. But no matter how they feel about the results, software developers must understand that by running only one application security testing tool—even the best on the market—they are missing most of the weaknesses in their code.

read more
Everything you need for PCI compliance scan success

Everything you need for PCI compliance scan success

If your company handles payment transactions of any type, then you’re  familiar with the Payment Card Industry Data Security Standard (PCI DSS)—a group of security standards designed to create and maintain a secure environment for any company that accepts, processes, stores, or transmits credit card information. Because we provide tools for application security, we will focus primarily on how this regulation affects companies building applications.  

read more