Linux Format

Build a dynamic app security pipeline

The battle between developers and malicious hackers is one that developers have been losing. A lot of the time, it comes down to mentality and company priorities. Hackers, like burglars, only need to find a single open window or unlocked door to get in. You wouldn’t check that you’ve locked your door only once every few months, yet this is the exact approach many companies take to security.

Dynamic Analysis Security Testing (DAST) is perhaps the most overlooked stage of any security pipeline, frequently relegated to a check-up every six months by an outside consultancy that does an automated scan with Burp Suite or Zed Attack Proxy (ZAP) and provides you with a (hopefully short) report and an invoice in the range of £3,000-30,000, mostly depending on the scope. In most cases, the consultants don’t go further than the automated scan because at that point they already have enough to write a multi-page report.
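The alternative to the six-monthly consultancy scan is to run the same tooling on every build and let the pipeline, not a report, decide whether the change ships. The script below is an added example, not code from the article or from the ZAP project: it wraps ZAP's packaged scan script (assumption: the official ghcr.io/zaproxy/zaproxy Docker image with its zap-baseline.py entry point and the traditional JSON report layout with "site", "alerts", "pluginid" and "riskcode" keys) and then gates the job on the report, failing on alerts at or above a chosen risk level while allowing triaged findings through by plugin id. The embedded report excerpt is constructed for the example, not the output of a real scan.

```python
"""Added example: gate a CI job on the JSON report from a ZAP scan.

Runs ZAP's packaged scan script in Docker (assumption: the official
ghcr.io/zaproxy/zaproxy image and its zap-baseline.py entry point), then
parses the JSON report and fails the build on findings at or above a chosen
risk level, with an allowlist for triaged, accepted findings.
"""
import json
import subprocess
from collections import Counter
from pathlib import Path

# riskcode values used in ZAP's traditional JSON report.
RISK_NAMES = {0: "Informational", 1: "Low", 2: "Medium", 3: "High"}


def run_zap_scan(target_url, report_path, script="zap-baseline.py", minutes=2):
    """Run a ZAP packaged scan against target_url and write a JSON report.

    The report directory is bind-mounted as /zap/wrk, where the packaged
    scripts write their reports. -I keeps the scan's own WARN/FAIL exit codes
    from aborting the job; gate() below makes that decision instead.
    Not exercised by the tests (needs Docker and a running target).
    """
    report = Path(report_path).resolve()
    cmd = [
        "docker", "run", "--rm", "-v", f"{report.parent}:/zap/wrk:rw",
        "ghcr.io/zaproxy/zaproxy:stable",
        script, "-t", target_url, "-J", report.name, "-m", str(minutes), "-I",
    ]
    return subprocess.run(cmd, check=False).returncode


def load_report(report_path):
    """Read a ZAP JSON report from disk."""
    with open(report_path, encoding="utf-8") as fh:
        return json.load(fh)


def iter_alerts(report):
    """Yield (site, pluginid, risk, alert_name, instance_count) for every alert."""
    for site in report.get("site", []):
        for alert in site.get("alerts", []):
            yield (
                site.get("@name", ""),
                str(alert.get("pluginid", "")),
                int(alert.get("riskcode", 0)),
                alert.get("alert") or alert.get("name", "unnamed"),
                len(alert.get("instances", [])),
            )


def summarize(report):
    """Count alerts per risk level, e.g. {'High': 1, 'Medium': 1, 'Low': 1}."""
    counts = Counter(RISK_NAMES[risk] for _, _, risk, _, _ in iter_alerts(report))
    return dict(counts)


def gate(report, fail_at=3, allowlist=frozenset()):
    """Decide whether the build passes.

    Fails on any alert with risk >= fail_at whose pluginid is not allowlisted.
    Allowlisting by plugin id (not by alert text) keeps accepted-risk entries
    stable across ZAP versions and avoids silently muting new finding types.
    """
    failing, accepted = [], []
    for site, pluginid, risk, name, count in iter_alerts(report):
        if risk < fail_at:
            continue
        entry = {"site": site, "pluginid": pluginid, "risk": RISK_NAMES[risk],
                 "alert": name, "instances": count}
        (accepted if pluginid in allowlist else failing).append(entry)
    return {"passed": not failing, "failing": failing, "accepted": accepted}


# Constructed excerpt of a ZAP JSON report (not output from a real scan); the
# reflected-XSS entry is an active-scan finding, included to exercise the
# High-risk path of the gate.
SAMPLE_REPORT = {
    "site": [{
        "@name": "http://app.internal:8080",
        "alerts": [
            {"pluginid": "10038", "alert": "Content Security Policy (CSP) Header Not Set",
             "riskcode": "2", "confidence": "3",
             "instances": [{"uri": "http://app.internal:8080/", "method": "GET"},
                           {"uri": "http://app.internal:8080/login", "method": "GET"}]},
            {"pluginid": "40012", "alert": "Cross Site Scripting (Reflected)",
             "riskcode": "3", "confidence": "2",
             "instances": [{"uri": "http://app.internal:8080/search", "method": "GET", "param": "q"}]},
            {"pluginid": "10021", "alert": "X-Content-Type-Options Header Missing",
             "riskcode": "1", "confidence": "2",
             "instances": [{"uri": "http://app.internal:8080/static/app.js", "method": "GET"}]},
        ],
    }],
}


if __name__ == "__main__":
    import sys
    verdict = gate(SAMPLE_REPORT)
    print(json.dumps({"summary": summarize(SAMPLE_REPORT), **verdict}, indent=2))
    sys.exit(0 if verdict["passed"] else 1)
```

In a real job you would call run_zap_scan() against the freshly deployed test environment, load_report() on the file it writes, and exit non-zero on gate(...)["passed"] being False, with the allowlist kept in version control so every accepted finding is a reviewed change rather than a silent exception. Starting with fail_at=3 and ratcheting down to Medium once the backlog is cleared keeps the first few pipeline runs from blocking every merge.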

But here’s the thing: when malicious actors (aka hackers) attack your web app, site or API, they aren’t checking if your code is neatly formatted, they’re essentially doing dynamic analysis. They’re looking for a place where you’ve not validated the input, an endpoint that you’ve forgotten to protect, cookie slack, a vulnerable login system, leaked
