Gartner Blog Network

Tag: 'application-security' Blog Posts


Link Web Application Firewalls to Dynamic Application Security Testing Tools

by Neil MacDonald  |  January 9, 2012

I called this a “security no brainer” years ago and the advice is absolutely still relevant today. In Gartner’s latest Magic Quadrant for Dynamic Application Security Testing (DAST) solutions for...


Comments: 6

The Market for Dynamic Application Security Testing is Anything but Static

by Neil MacDonald  |  January 4, 2012

We’ve just published a new Magic Quadrant for Dynamic Application Security Testing (DAST) for Gartner clients. In Gartner research, we use the term DAST to refer to testing solutions and...


Comments: 1

Protecting Intellectual Property in Source Code Requires a Two Prong Strategy

by Neil MacDonald  |  August 5, 2011

I had a discussion with a client today looking to protect sensitive intellectual property in their source code. I discussed two primary areas of risk: 1) that the developers (some...


Comments: 1

Google’s Chrome Browser has a Zero Day – So?

by Neil MacDonald  |  May 13, 2011

I saw this article recently describing an attack against one or more zero day vulnerabilities in Google’s Chrome browser. Worse, the attack reportedly is able to break outside of the...


Lesson from Android: Does More Open Have to Mean Less Secure?

by Neil MacDonald  |  March 11, 2011

Google’s Android has made the news a couple of times already in 2011: Here, with a credit card snooping exploit proof of concept and most recently, with malware that had...


Is Microsoft’s Secure Development Lifecycle Losing Its Effectiveness?

by Neil MacDonald  |  March 7, 2011

I was performing some background research on the number and severity of vulnerabilities produced by Apple, Microsoft and other vendors when I ran across something quite interesting. (BTW - I...


Comments: 4

Identifying Browsers and Plugins That Might Represent a Risk

by Neil MacDonald  |  January 21, 2011

In my kick off post for 2011, I talked about the need for IT to expand the depth and breadth of patching. In the follow-on post, I talked about the...


Static or Dynamic Application Security Testing? Both!

by Neil MacDonald  |  January 19, 2011

Static application security testing (SAST) can be thought of as testing the application from the inside out – by examining its source code, byte code or application binaries for conditions...


Comments: 6

Multi-tenancy Doesn’t Have to be bad for Security

by Neil MacDonald  |  January 14, 2011

One of the reasons that security tops the list of inhibitors for the adoption of public cloud computing is the concern around the use of multi-tenant infrastructure and applications. However,...


Comments: 2

Building a Software Assurance Program

by Neil MacDonald  |  September 28, 2010

I work with clients daily on how to change their development (and procurement) processes to produce more secure code. I wrote in this blog that application security cannot be solved...
