Cypress Data Defense's case study on the benefits of our Application Security Program.
Today there is a shortage of qualified software security engineers. This is alarming given the increase in sophisticated cyber-attacks on businesses, end-users, and software applications. Take your team’s security practices to the next level by turning your software engineers into security champions. What if your team was equipped with the know-how to ensure code is secure and functional from the very first phase of software development? This can mitigate future threats, decrease risks, stop data breaches from occurring, and prevent costly lawsuits often resulting from a breach.
Oftentimes, the terms “authentication” and “authorization” are confusing for non-security persons. This presentation clarifies the difference between the two and provides real-world examples of how they are used. Take a few minutes out of your day to understand ideas such as the four factors of authentication, different types of authorizations, and different ways to perform each.
The OWASP Top 10, as the name implies, is a list of the top 10 web application vulnerabilities as determined by OWASP. The list is updated and released every few years with the most recent release being the 2017 list. This download provides an introduction to the current list, along with some notes on the changes from the previous (2013) list.
Cross-site request forgery (CSRF) vulnerabilities will continue to plague web applications long after CSRF's removal from the 2017 edition of the OWASP Top 10. While new architectures, development frameworks, and network devices can help prevent CSRF vulnerabilities, it is important for development teams to understand the vulnerability and how the mitigation strategies impact application security.
Automated scanners are powerful tools that can provide some huge security benefits to any organization that utilizes them. However, are automated scanners alone enough to get an accurate assessment of your application’s risk? This download provides a basic introduction to different types of scanners and attempts to break down areas where automated scanners fall short.