Security Compass Blog

Learn about what's happening in software development and application security.

  • Building a Cybersecurity Program for Industrial Control Systems

    Industrial control systems have evolved considerably over the last few years as a result of increased connectivity with the internet. However, this has also led to the rise of cyberattacks.

  • Confronting Common Container Security Vulnerabilities

    Containers are transforming how businesses deploy and use applications. Find out how you can defend your business against common container security risks.

  • Penetration Testing at the Speed of Agile

    When penetration testing in Agile, yearly is not enough. Learn how continuous penetration testing leads to cost savings, time savings, and more secure software.

  • SD Elements Meets the U.S. DoD Iron Bank Security Requirements

    SD Elements is now available in the U.S. DoD Platform One Iron Bank repository which contains authorized container images hardened to the department’s exacting specifications.

  • Secure Your Software Build Operations

    What secures (or fails to secure) your business does not depend on written policies. It depends on what your development team is doing day in and day out.

  • TimeGap Theory: Testing for TOCTOU Issues in Web Applications

    Your security and development teams should know how to identify and mitigate TOCTOU vulnerabilities. Learn why, and learn how, to test for them in this new book.

  • How to Build Custom Red Team Testing Tools in C++

    A conversation with Steven Patterson about his eBook, which teaches red team testing professionals how to start building Command and Control tools in C++.

  • The 2021 State of DevSecOps: Challenges and Drivers

    In our survey, we found a rising trend toward the adoption of DevSecOps over the last year.

  • Survey: The 2021 State of DevSecOps

    Last year was challenging, but it also presented a great opportunity for organizations to address cybersecurity in scalable ways. Let's learn where security is headed in 2021.

  • Cloud versus Traditional Security: Protecting Your Data & Systems

    To stay secure while embracing the cloud, your organization will need a security program that takes into account the differences between cloud and traditional security.

  • The Future of Cybersecurity: Five Emerging Trends

    2020 upended security strategies and IT roadmaps. Our team identified five cybersecurity trends that will influence security and business priorities moving ahead.

  • Using Balanced Development Automation to Achieve Both Speed and Security for CMMC

    CMMC is a means of unifying cybersecurity standards for the U.S. Department of Defense. Learn how you can achieve compliance with this new standard.

  • Responding to Ryuk: Healthcare and the Ransomware Threat

    Learn how penetration testing can help healthcare providers resist attacks from Ryuk Ransomware, keep patient records secure, and provide uninterrupted care.

  • API Security Testing: Best Practices & Key Vulnerabilities

    Attackers are following the trajectory of software development and have their eyes on APIs. Regularly testing the security of your APIs reduces your risk.

  • Vulnerability Scanners: Are These Enough for Your Applications?

    Security testing has increased considerably over the past decade. But are vulnerability scanners enough to ensure software security?

  • What to Look for in a Penetration Testing Provider

    Ask these five questions to find a penetration testing provider that both satisfies your technical needs and works in harmony with your business.

  • SaaS Deployments: Security Checklist for Cloud Services

    Moving applications from on-premise to SaaS brings a different set of risks. First among those is the fact that users' data is stored in the SaaS provider's data center.

  • Cybersecurity Awareness Month: 10 Tips for Better IoT Security

    This Cybersecurity Awareness Month, take time to consider all the devices you have online. These 10 tips will help you create or strengthen your IoT security plan.

  • Why Conduct a Red Team Exercise?

    Businesses that conduct Red Team exercises have reduced costs when a data breach occurs.

  • Addressing Cloud Security Risks: Build a Foundation for a Secure Future

    Cloud adoption has gone mainstream. Taking full advantage of the benefits takes planning, skill, and a careful weighing of cloud security risks.
