The answer: Both… if you want optimized coverage.

Most organizations have countless software applications they need to secure, but strict budgets and resources to do so. To ensure the right breadth and depth of test...

IT security spend is on the rise; however, damaging attacks and data breaches are more common than ever. Part of the reason for this is the imbalance of spend and mindshare – many organizations allocate higher budget to...

A CISO's Guide to Application Security

by Danny Harris on August 11, 2016 at 8:53 AM

CISO Executive Summary

Application security differs in a number of ways from IT security, Network Security, and Information Security, so standard solutions from those domains don’t necessarily address the challenges of...

With Apple's recent announcement about starting its first Bug Bounty Program this September, it raises the issue of why they waited so long and why they finally did decide to create one.

Bug Bounty Hunter (BBH)...

As software security zealots, we sometimes forget the human aspect of software development. Why wouldn't developers and organizations do every available security activity to make their software more secure? Isn't security...

When you buy 3rd party software or outsource application development, you inherit all the vulnerabilities that the vendor fails to eradicate. To mitigate financial and operational risk, it’s important that security and...

Even if an application has been built following security and defensive coding best practices, it will still require significant testing before it's ready for release.

Whether this is routine testing for common...

OpenSAMM Benchmark Initiative

by Zak Dehlawi on April 23, 2015 at 3:52 PM

Security Innovation is very excited to be part of the consortium of AppSec vendors that are working to create a dataset of organizational security maturities.

Vulnerabilities are discovered in software on an extremely regular basis. Sometimes it’s the internal team or an external penetration testing team which discovers them and informs the developers. Sometimes there are...

A couple weeks ago I presented a webcast that covered techniques for testing mobile applications. As usual, I was long-winded with stories and analogies and went over time. I tried to answer as many questions as possible, but...