Many companies have internal web applications, accessible only from their corporate network or through a VPN. These are often back-offices, management portals, HR applications, and everything that makes sense only for the company workforce, not for their clients. This also means that cloud services, like Probely, could not scan them for vulnerabilities. Until now.
Blog / Tiago Mendo
Recently, we created a checklist, a Web Application Security Checklist for developers. Why? Well, because we want to help developers avoid introducing vulnerabilities in the first place. And for that, the security development process should start with training and creating awareness. Searching for vulnerabilities with a web scanner is essential, but we should always try to make security shift left, i.e. place it at the beginning of the development lifecycle. It is an investment: instead of being reactive, invest in prevention.