When every security flaw is deemed important, it creates chaos at the business level. In the short term, precious resources are wasted addressing such findings. Longer-term, these things add up to create true dysfunction in an overall security program which, ironically, makes the organization more susceptible to the risks that matter.
Who’s responsible for application security? It’s ultimately on the business. More specifically, it’s on the executives and board members that run the business. Still, there must be resources within the organization who not only lead the charge but also get stuff done. It’s complicated, and every situation is different, but this “get stuff done” component is where the answer lies.
Depending on the target's nature, you may want to prevent scans from running at certain times, for instance, when you don't want scans to affect your team's productivity during working hours or when you want to guarantee that your website can handle all customer requests during peak hours. With Probely, you can pause and resume scans later, both on-demand and automatically.
Understand how to use Teams to mimic your company’s structure better and address its needs. Please note that this feature is only available for Probely Plus. Teams provide a way for you to group Users, API keys, and Targets in one place so that managing them becomes easier and more time-efficient. You can create multiple teams for one account. Teams act as independent units/groups and help you separate and assign targets for each team, limit the number of targets, and set scopes and user roles. One user can be added to different teams and assigned roles that don’t affect one another, such as an admin, developer, or a custom role.
If you are like me, legal compliance is one of those things that really make you cringe and sigh in discontent. However, as we all know, legal compliance is there for a reason. Generally speaking, many compliance requirements are easy to meet as long as you have the right tools, and most of them are beneficial to you, your business, and your customers in the long run.
This blog post describes our partnership with the OLX Group that enabled them to use Probely’s API-driven security scanner to secure their customer data and facilitate creativity. Probely integrated quickly with their in-house solution Dalek and provided evidence of vulnerabilities with no false positives.
A lot has already been covered in the interwebs regarding CVE-2021-44228 and the newer CVE-2021-45046. In case you’re just arriving from the Maldives and just heard about the log4j RCE, check this out.
Many companies have internal web applications, accessible only from their corporate network or through a VPN. These are often back-offices, management portals, HR applications, and everything that makes sense only for the company workforce, not for their clients. This also means that cloud services, like Probely, could not scan them for vulnerabilities. Until now.
Our web application scanning software’s latest update enables you to integrate Jira with Probely. Atlassian’s Jira is one of the most widely adopted issue and project tracking software systems available and has been named the number one software development tool for agile teams.
In this day and age, having a functioning and secure Software Development Life Cycle (SDLC) process in place is becoming a key component of a successful organization. One methodology that is becoming increasingly popular is DevOps, mainly because the methodology itself is designed to produce fast and robust software development. In this article, we will focus on how we can incorporate security into CI/CD and turn DevOps into DevSecOps easily and with automation in mind.