The concept of reverse engineering is widely discussed and often asked about. Reverse engineering refers to the process of disassembling and thoroughly examining a product or device in order to understand its manufacturing concepts, typically with the goal of producing something similar. In the field of mechanical engineering, reverse engineering summarizes the process of reconstructing

Tenable Product Family Overview

HCL AppScan Standard is a penetration-testing component of the HCL AppScan application security testing suite, used to test web applications and services. It features cutting-edge methods and techniques to identify security vulnerabilities and help protect applications from the threat of cyber-attacks. HCL AppScan Standard is a dynamic analysis tool, or dynamic application security testing (DAST) tool, evaluating application security at

E-SPIN Group celebrates its 17th anniversary this November 2022. As a way to say thank you for the business and support from enterprise customers and business partners, E-SPIN is organizing a full-day seminar under the theme “The Future of Cybersecurity changes and challenges”, featuring industry experts and subject matter specialists to perform the various

With every company, regardless of field, beginning to transform into a software company to increase business performance and opportunities, we see exponential growth in the software development team. The growth of the security team, however, is unable to keep up with this rapid growth of the software development team, as there is a shortage

As the demand for speedy delivery in software development increases, the security team is flooded with bigger challenges in tackling the growing number of vulnerabilities as well as managing multiple tooling complexities. In recent years, since 2019, Application Security Orchestration and Correlation (ASOC) has been named as the most promising platform or tool

The expansion of attack pathways has led to constant evolution in the Application Security or AppSec industry. With various new threats continuing to appear that need to be quickly addressed, the AppSec team is facing new challenges every day. This has led to the rise of Application Security Orchestration and Correlation in recent years. Therefore,

In software development, the gap between the security team and development has always been a persistent matter when new approaches are brought into practice to speed up the development process. Some time ago, CI/CD was introduced into the software development strategy, where it solved various problems in integrating new code between the development and operation

Our world today relies heavily on software applications, be it for work, business, grocery shopping, traveling and even for government relations and public affairs. With these heavy dependencies, IT companies and service providers are obligated to release applications or services that are strong on security. Subsequently, the security team has applied various

Website and Web Application Security trend

Invicti’s Acunetix automated web vulnerability scanner is one of the market offerings for application security testing (AST). This post covers the v14 edition (released on 17th March 2021). What is new compared with the previous edition? Web Asset Discovery, allowing users to discover domains related to their organisation or web assets already configured in Acunetix

Burp Suite Enterprise Edition Product Latest Release and Build: this is an ongoing and incremental update post. We consolidate all information into a single post for users who want to know all the updates, new features and fixes across the edition. The latest release and build will show at the top of the post, and the

How to WUG create Multi Action Policy by E-SPIN

Whether you are a third-party software supplier or an end customer, you will find third-party independent software security audit services helpful for bringing third-party independent security checks and quality assurance into the whole security and compliance process. For a third-party software supplier, you may need it for your final software delivery to

Burp Suite Enterprise Edition is an enterprise server-class solution for automated, scheduled continuous scanning, capable of running a high volume of concurrent scans (you just need to license an agent quantity that covers the instances and workload required). Burp Suite Enterprise Edition is an automated web scanner, leveraging dynamic application security testing (DAST)

Trends disrupting the Application Security Testing market: a couple of years will see dynamic changes once certain technology reaches market acceptance, depending on the existing market players and the new players entering the market that create new waves of change, in particular the disruptive technologies that make conventional or legacy practices obsolete. Since

Background Information: The Client is a multinational banking and financial services corporation headquartered in Europe. Its primary businesses are retail banking, direct banking, commercial banking, investment banking, wholesale banking, private banking, asset management, and insurance services. It is one of the biggest banks in the world, and consistently ranks among the top 30 largest banks

Burp Suite Professional for Mobile Application Security Testing (Mobile AST) will be the topic discussed in depth in this post. A typical question being asked: can you use Burp Suite Professional to perform mobile application security testing (Mobile AST)? The quick and direct answer is YES, with a jailbroken device involved. What you

Burp Suite Enterprise Edition Starter, Grow and Accelerate: these are the three subscription packages that will be introduced in the second half of 2021. This post expects you to already know the product Burp Suite Enterprise Edition and focuses on explaining the three different subscription packages in depth. We hope at


Burp Suite Pro vs Enterprise: what the differences are is as popular a question as the differences between Burp Suite Pro and the Free edition, which is covered by a separate dedicated post. Burp Suite Pro, or Burp Suite Professional, is targeted for use by pentesters, secure developers and bug bounty hunters, or web application security testers, or someone required to

The automated DAST to manual application security testing seminar is a special event held in conjunction with the E-SPIN 16th anniversary celebration. E-SPIN is pleased to organize a seminar event focused on manual application security testing (MAST) for web application security testing and dynamic application security testing (DAST). This event focuses on MAST methodology, framework and processes,

DefenseCode WebStrike Dynamic Application Security Testing (DAST) Scanner, formerly known as WebScanner before v2.0.1, is a solution for complete security audits of active web applications (websites). Active web applications (websites) are constantly exposed to malicious attacks. The best practice is to regularly use the DefenseCode WebStrike solution for performing security audits of your websites. DefenseCode WebStrike

Hackers now focus on cryptocurrency exchanges and digital token platforms; if you are not yet aware of it, you had better act on it. Whether you are a cryptocurrency exchange or a digital wallet service provider, you need to focus your resources on making sure your infrastructure, systems, services and applications undergo end-to-end cybersecurity

Website and Web Application Security trend

Burp Suite Professional Web Vulnerability Scanner, or simply Burp Suite Pro, is one of the leading commercial security assessment tools (SAT), allowing web-based penetration testing, secure web development testing and bug bounty hunting. Burp Suite Professional is an integrated suite of web application security testing toolkits targeted for use by web

What is application security testing? Application security testing is a crucial part of the software development process that makes sure new or updated software applications do not contain security vulnerabilities and are more resistant to security threats. Organisations have begun to adopt DevOps practices as a way to speed up the process to deliver

CI/CD pipeline security cannot be compromised, as the pipeline is the core component of the development process. The following describes four best practices to secure your CI/CD pipeline. First, tighten access control. Access control is viewed as the first layer of protection of the CI/CD pipeline, thus access to the CI/CD pipeline should

This post was developed as a result of high demand, with customers asking from time to time, so we decided to write a full detailed topic that other people may find useful. For existing Burp Suite Pro users, it does not work like Burp Suite Pro; you need

Website and Web Application Security trend

Why manual web application security testing matters most: the reason for picking this topic for this blog comes from observation. We found that most people, IT security officers included, have a tendency to go hassle-free by purely adopting automated web application security testing, with the reason that it seems manual

Why DAST and SAST are best combined for the AST approach: the reason is simple, it covers the matter in the two key result areas (KRA) most people want to cover and demonstrate, vulnerability management and various regulatory compliance. Most industries and sectors still have the practice of outsourcing and appointing 3rd parties to

Dynamic Application Security Testing (DAST)

We keep hearing people talk about static application security testing (SAST) and dynamic application security testing (DAST) as the two dominant forms of application security testing, and of course the not so mainstream interactive application security testing (IAST), software composition analysis (SCA) and mobile application security testing (mobile AST). Some keep proposing that SAST is the ultimate, because it handles the

Post-event video summary, spread across three videos. Part 1 focuses on app security testing market changes and challenges, cloud migration and standards, and specific control requirements. Part 2 focuses on the Thunderscan SAST product update. Part 3 focuses on the WebStrike DAST product update. For existing and new customers and partners, it is our pleasure

Web App Scanning

Modern web applications continue to be a challenge for organizations to secure as developers build increasingly complex business applications faster than ever. Many organizations are releasing new or updated web applications multiple times per day, each containing multiple vulnerabilities on average. Often outnumbered by developers by 100:1, security teams are struggling to keep up, and many

An Invicti notice on discontinuing the Acunetix and Netsparker Consulting License has been issued over the channel. E-SPIN would like to bring to your immediate attention the Invicti notice by Kevin Abela, dated 20-Nov-2020; his email is self-explanatory, so we will not further explain the notice content. See the screenshot for the notice

This is a routine hour-long technical overview, highly essential and recommended for customers who are considering running Dynamic Application Security Testing (DAST) with the Burp Suite product. It’s the best solution out there for many use cases and it includes the world’s most widely used web vulnerability scanner for both manual (Burp Suite