Abhay Bhargav

October 10, 2024

Zero Trust Security is reshaping cybersecurity by challenging traditional models. Learn how it provides continuous verification, least privilege access, and real-time threat detection.

Abhay Bhargav

September 19, 2024

Security Architecture Reviews (SAR) provide a comprehensive assessment of your app's security, from infrastructure to CI/CD pipelines. Discover their benefits and why they're essential for modern application security.

Abhishek Dharani

September 10, 2024

Simplifying your security tools boosts protection by reducing complexity and enhancing your team’s focus on real, organizational security needs.

Vishnu Prasad

August 21, 2024

Learn how the Secure Software Development Framework (SSDF) and security assessments can enhance software security, reduce risks, and improve development efficiency.

Vishnu Prasad

August 1, 2024

Supply chain security is critical for protecting your business from attacks exploiting the weakest links. Learn why this matters, common threats, regulatory standards, and best practices for a secure supply chain.

Abhay Bhargav

July 3, 2024

Learn how to implement streamlined, continuous threat modeling to build more secure applications.

Ganga Sumanth

June 20, 2024

Learn how to evaluate and secure your cloud environment effectively with comprehensive cloud security assessments to protect against evolving cyber threats.

Vishnu Prasad

June 5, 2024

Threat modeling is crucial for identifying security vulnerabilities, yet many organizations overlook it due to common myths. Learn the truth about threat modeling and how it can protect your organization from cyber threats.

Vishnu Prasad

May 28, 2024

Security assessments are essential to safeguard your organization against cyber threats, costing up to $4.35 million per breach. Learn how various assessments can strengthen your defenses.

Vishnu Prasad

May 14, 2024

This blog explores the critical importance of securing your software supply chain in today's fast-paced development environment.

Abhay Bhargav

April 25, 2024

From sensitive data leaks to model poisoning, LLMs carry significant risks. This blog breaks down 7 major LLM security issues and how to safeguard your tech.

Vishnu Prasad

April 9, 2024

Discover the top cyber threats facing finance, including phishing, ransomware, and insider threats, and how secure coding can protect assets.

Ganga Sumanth

March 28, 2024

As the backbone of cloud-based services, APIs facilitate the seamless interaction and data exchange. Learn about the risks, challenges, and strategies to fortify your APIs against cyber threats.

Anushika Babu

March 7, 2024

Explore the crucial role of DevSecOps in fintech's cybersecurity strategy. Learn how it merges security with rapid development to protect digital finance.

Rajesh Kanumuru

February 20, 2024

Unlock the synergy of Microsoft Sentinel & AWS Security Hub for a unified cloud security strategy. Simplify management and enhance threat detection.

Vishnu K

February 13, 2024

Discover why robust security architecture is crucial for protecting your digital assets, with insights on defense strategies and incident response plans.

Ganga Sumanth

February 8, 2024

This blog is to help manufacturers understand that ensuring the security of their devices is not just about protecting individual users but also about safeguarding the integrity of the digital ecosystem.

Anushika Babu

February 1, 2024

This article discusses the importance of application security and dives deep into a strategic approach for building a robust security program from the ground up.

Anushika Babu

January 19, 2024

This blog dives into the critical aspects of application security and discuss why implementing these best practices is essential.

Anushika Babu

January 16, 2024

In today's blog, we'll talk about something that businesses, government organizations, and cybersecurity professionals should know: what the information security landscape will look like in 2024.

Rajesh Kanumuru

January 9, 2024

In this blog, we dive into the role of automation in enhancing cloud security. Automation isn't just a convenience; it's a game-changer.

Vishnu K Prasad

January 3, 2024

Explore the critical role of Security Architecture Reviews (SAR) in safeguarding organizations from evolving cyber threats.

Anushika Babu

December 12, 2023

This blog navigates through the future of AI apps—explore risks, strategies, and ethical considerations for a secure and inclusive digital landscape.

Anushika Babu

December 5, 2023

This blog uncovers the security challenges of AI-powered apps and learn how to fortify them for innovation and trust.

Ganga Sumanth

November 29, 2023

This article discusses the important parameters for container security that can help protect your applications and data from potential threats. 

Anushika Babu

November 21, 2023

This article explores the vital link between application security and Responsible AI, safeguarding against biases and ensuring the integrity of AI systems.

Shubham Sharma

November 16, 2023

This blog explores the 6 most secure methods to authenticate users on Kubernetes.

Anushika Babu

November 7, 2023

AI revolutionizes application security, from threat detection to vulnerability management and access control. Embrace the future with AI-powered protection.

Anushika Babu

November 2, 2023

Cyberattacks surged globally in 2023, this blog dives into the impacts on nations like the US, Russia, China, and Ukraine.

Abhay Bhargav

October 24, 2023

To meet the demands of the modern era, businesses are increasingly adopting DevSecOps practices. This article highlights why your company should invest in DevSecOps.

Anushika Babu

October 17, 2023

In this blog, we will explore the critical reasons of how allocating financial resources can defend your digital assets.

Vishnu K Prasad

July 25, 2023

This article is just a glimpse into the extensive knowledge and insights we'll be sharing in we45's DevSecOps Masterclass: AppSec Automation Edition. To get a deeper understanding and gain hands-on experience, we invite you to join us at Black Hat USA 2023.

Anushika Babu

July 18, 2023

Red-teaming is not a one-time exercise but rather a continuous process. Equip yourself with the knowledge and skills necessary to uncover and exploit vulnerabilities within the application supply chain at this year's Blackhat USA.‍

Rajesh Kanumuru

July 11, 2023

Get ready to fortify your multi-cloud fortress with confidence with we45's upcoming training at the BlackHat USA 2023 on Attacking and Defending AWS, Azure, AND GCP Cloud Applications.

Vishnu Prasad

July 6, 2023

Are you ready to embrace a new era of software development, where speed and security go hand in hand? Secure and Efficient Software Development with we45's DevSecOps Masterclass.

Vishnu Prasad

June 30, 2023

It is essential to use DAST tools to identify vulnerabilities in web applications. This article will explore the top 5 free and paid DAST scan tools for effective application security.

Abhay Bhargav

June 13, 2023

Using open-source components presents unique challenges to supply chain security. Source composition analysis (SCA) tools are essential for identifying and mitigating security risks in the supply chain. ‍This article will discuss the top five free SCA scan tools.

Abhay Bhargav

June 6, 2023

This article will walk you through the benefits of PaC and highlight some essential tools and frameworks that can help your organization enforce security across the stack.

Joshua Jebaraj

May 25, 2023

Writing a Dockerfile can be straightforward, but some best practices can help you optimize your images for performance, security, and maintainability. This article will discuss some of the best practices for writing Dockerfiles.

Joshua Jebaraj

May 16, 2023

This article will discuss the keystone principles for container security that every developer and operations team should know when using Docker.

Joshua Jebaraj

May 9, 2023

In this blog post, we'll dive deep into the topic of Kubernetes service accounts and cover all the essential aspects of this topic. We'll discuss service accounts, how they work, and how they're authenticated in Kubernetes.

Anushika Babu

April 25, 2023

Application security culture is essential for any organization's success and goodwill. It helps to reduce the risks of data breaches, malicious attacks, and other threats. Here are 5 ways to build an impactful AppSec Culture.

Anushika Babu

April 14, 2023

This blog will explore the scope of AppSec jobs in Singapore in 2023 and beyond. We will also touch upon training programs from We45 that can help aspiring AppSec engineers enhance their skills and knowledge.

Shubham Sharma

April 10, 2023

This blog talks about how Container supply-chain security is crucial for deploying applications, and organizations can ensure security by using verified base images, generating an SBoM, regularly updating applications, implementing security controls, and having processes in place to detect and respond to security incidents.

Anushika Babu

April 3, 2023

For a product team manager, security hiring can be very challenging. This blog addresses the complications related to security hires and provides a one-size-fits-all solution.

Vishnu Prasad

March 30, 2023

API testing is the backbone of software development, ensuring the flawless performance of APIs. Here are 7 ‍Automating REST API Testing Tools that will help you avoid bugs, performance issues, and other problems before deployment, for a high-quality software product for our users.

Anushika Babu

March 24, 2023

Security and engineering teams never seem to agree on a common goal, resulting in a communication breakdown and productivity loss. Learn how can team leaders end the perpetual conflict and foster collaboration instead.

Rajesh Kanumuru

March 20, 2023

AWS is a cloud computing platform that serves as the foundation of many businesses' digital infrastructure. Here are top 7 AWS Security Threats that you need to be aware of.

Rajesh Kanumuru

March 14, 2023

This blog talks about 5 tips on securing cloud infrastructures that can help prevent costly downtime, improve customer satisfaction, and ensure the confidentiality, integrity, and availability of customer data.

Amulya Hubert

March 9, 2023

An SBOM is a detailed granular list of components packaged into any given application or software installation file, with their metadata included. It carries a complete inventory rundown of a codebase that lists the open-source and third-party components, licenses, patch status and version information.

Vishnu Prasad

March 6, 2023

The increasing number of software supply chain attacks has reached an alarming state. It is reported that 3 out of 5 companies faced software supply chain attacks, some of which were quite major. Let us learn more about the 10 significant attacks we saw in the last decade.

February 24, 2023

This blog takes a deep dive into Software Supply-Chain security. Learn what is Supply-Chain security, why has it become so important over the last decade, why organizations are required to implement it and more.

Abhay Bhargav

February 21, 2023

Threat modeling has many perks for organizations that want to fortify their cybersecurity and keep their assets safe from data breaches and threat actors. This article talks about some of the biggest benefits of using threat modeling.

Joshua Jebaraj

February 14, 2023

With Kubernetes, the stakes are high - a single security breach can compromise all the containers and applications running on it. In this article, we talk about the top 6 Kubernetes Security issues and how to fix them.

Vishnu Prasad

February 9, 2023

DevSecOps helps you deliver software faster and better quality, with the bonus of keeping it secure. In this blog we discuss about 9 DevSecOps myths and the truth behind them.

Anushika Babu

January 27, 2023

This article talks about the importance of Data Privacy Week and how organizations can implement Data Privacy.

Rajesh Kanumuru

January 19, 2023

With cloud adoption comes the need to establish effective cloud security framework to protect them against potential threats. This blog talks about the major Cloud security challenges and how to overcome them.

Amulya Hubert

November 29, 2022

Know all about PCI-DSS and its impact on security of financial transactions. Read the full article for details.

Aneesh Bhargav

November 22, 2022

Read this list of top 5 most notable data security breaches that rattled the world in 2021 and 2022 and recount the key takeaways.

Abhay Bhargav

November 16, 2022

This Executive Order is a step forward in handling supply chain attacks. Read the full article to understand what it's all about!

Vishnu Prasad K

November 9, 2022

Secure software development is as relevant as software upgradation and their new launches. While developing software, one should keep the following practices to protect the software from getting attacked.

Aneesh Bhargav

November 7, 2022

Here are 5 infallible steps that every team leader can adopt while launching DevSecOps as their strategy. 

Abhay Bhargav

October 9, 2022

Zero Trust presumes that barrier security procedures like that will fail if not infiltrated already. It seeks to reduce the damage by assuming that security strongholds are ineffective when it comes to protecting an organization's database.‍According to an article by we45's CEO, Abhay Bhargav, the emphasis on Zero Trust is recognized widely in the cybersecurity industry because once and for all, it's about time that organizations and companies relinquish the idea of "perimeter security".

Anushika Babu V

October 5, 2022

The need for greater cybersecurity awareness is crucial in a time when the Internet is integral to every individual's daily life. CyberSecurity awareness month is one such initiative to spread awareness about need and implementation of security into our daily lives. Read the full article to know more.

Aneesh Bhargav

September 25, 2022

Everybody wants to acquire new sets of knowledge for their career growth, but security training is so boring! 4 ways to start making AppSec training more fun today.

Joshua Jebraj

September 20, 2022

Kubernetes security services best practices are easy to follow and have a long-lasting positive impact on business operations. However, one needs expertise in this field to leverage all of its benefits. Kubernetes security can be incredibly complex to implement, and automated tests do not take into consideration the nature of your business or development procedures.

Ganga Sumanth

September 16, 2022

There are more than 3.5 MILLION security jobs with no one to take them. Companies are getting desperate. In this economy, skills are everything. You don’t want to fall behind.‍ Here's what you can do to start leveraging that AppSec skills gap today!

Naveen Yalagandula

March 7, 2022

Web cache poisoning can be a tricky vulnerability to find and fix. Here's what you need to know about this critical security flaw.

Abhay Bhargav

February 2, 2022

It’s no surprise that in the last few years, the way we develop applications has changed. Nearly all the ‘core’ elements we once associated with software development have been transformed owing to new tech, shifts in corporate culture, and market demands.

Ujjwal Saini

January 11, 2022

File upload vulnerabilities arise when a server allows users to upload files without validating their names, size, types, content etc. In this article, we will learn common attack vectors that can be used to exploit improper file upload functionality and bypass common defense mechanisms.

Shubham Sharma

December 21, 2021

Log4Shell vulnerability can lead to Remote Code Execution (RCE), including the worst-case scenario where an attacker can inject malware to the server. This opens up the possibility for supply-chain attacks as well.

Ganga Sumanth

December 1, 2021

Cross-Origin Resource Sharing (CORS) misconfigurations can lead to a host of exploits that put your apps and data at serious risk.

Aneesh Bhargav

September 9, 2021

The whole point of Fedex Day is shake things up. Working on a tight deadline can stressful, but the opposite can be just as bad. If you waste time while trying to figure out what your project is, you're not going to have the time to bring it to completion. All 7 teams had an idea for a project they could finish in 2 days.

Abhay Bhargav

September 9, 2021

We often come across concepts on working of any website, how data is populated on the website dynamically as per any specific customer. The best and efficient way to send or receive data from a server is by the use of APIs.

Ganga Sumanth

September 7, 2021

CSRF (Cross site request forgery) or XSRF is an attack vector that would trick an unsuspecting user into performing unwanted actions with/without interaction in their browser session.

Abhay Bhargav

December 2, 2020

It isn't easy being a CISO. You're often the sole go-between for two very different organs in the corporate anatomy: the engineering teams and upper management. And more often than not, these departments don't exactly see eye-to-eye, either.

Abhay Bhargav

November 10, 2020

Security debt is just like procrastination. You let all these vulnerabilities pile up without testing or fixing them, and suddenly, you've got two hundred-something security flaws and ZERO time to fix the most critical ones.

October 20, 2020

The Same-Origin Policy (SOP) restricted information sharing between applications and allowed sharing only within the domain the application was hosted on. This was a precaution to protect systems from giving up confidential information.

October 20, 2020

When it comes to choosing a vendor that can effectively test your apps for security flaws, there's just so many different things to consider that it's easy to be overwhelmed. It's a crowded marketplace out there, and demand doesn't always meet the supply, so making an educated decision on who tests your apps can seriously boost or badly impair your ability to deploy secure, stable applications on each release. No pressure.

October 13, 2020

Web / Mobile Applications, Word Processors , Web Services, and Content Management Platforms use the Extensible Markup Language (XML) format to store and transport data between the systems that are in both human-readable and machine-readable formats.An XML External Entity (XXE) injection is a serious flaw that allows an attacker to read local files on the server, access internal networks, scan internal ports, or execute commands on a remote server.

October 9, 2020

It's a fact of life that practically all the applications we use and develop today are in constant flux. Features are being added or tweaked, bugs are being fixed, and...ah, crap, that last update just created a bunch of new bugs, and reopened a couple that were already fixed. Here we go again.

October 6, 2020

Let's start by understanding why we want to integrate ZAP with Jenkins in the first place. You're probably here because you want to improve your application security while it's still in the pipeline. In a Rapid Application Development Cycle, whenever a new version or feature of the product is being released, security teams (for the most part) had to manually initiate DAST tools to find security vulnerabilities in the release.

October 5, 2020

Many web applications provide functionality to export data onto spreadsheet files such as .CSV or .XLS. This data generally contains sensitive information that should be handled safely and securely. In web applications, 'risk handling' is related to input and output trust boundaries.

September 22, 2020

Web and cloud-based apps are designed to be interconnected and accessible, making it possible to reach people regardless of geographic boundaries. Tiny startups can take advantage of massive cloud infrastructure they wouldn't have the bandwidth to build themselves.

Abhay Bhargav

September 3, 2020

Securing apps is a major challenge for any organization. Here is a list of 10 questions you need to ask yourself about your security situation.

Team we45

August 20, 2020

You want to know how your application can get hacked. You want a complete analysis, take actionable data and intelligence from it with Threat Modelling.

Team we45

August 13, 2020

OWASP ZAP is among the most widely used DAST tools out there. Here are 7 reasons why ZAP is great for application security testing.

Team we45

August 6, 2020

Here’s 5 of the biggest mistakes companies that fail at Enterprise Security Management make

Team we45

July 6, 2020

Serverless brings with it, new security challenges for developers. Here are 10 of the top security risks we’ve encountered in serverless architecture.

Aneesh Bhargav

April 30, 2020

Solution to making abstract concepts comprehensible, is that of hands-on practice. This is why we built what we call our ‘cyber range’: a safe way to learn the workings of a vulnerability first-hand, from the inside-out and to practice nipping it in the bud.

Aneesh Bhargav

April 17, 2020

Effective application security programs in organisations is the result of both these teams working together, and communicating, based on their subjective understanding of the problem.

Team we45

April 7, 2020

When we looked at how we could make 2020 downtime more productive for ourselves as human beings outside of work, we saw that in such times of uncertainty, professionals need to focus on two critical aspects of self development: learning and adaptation.

Team we45

January 9, 2020

Based on our insight, we believe that these are some of the ways in which needs from application security training have evolved, read the full article

Team we45

January 6, 2020

Web pages sometimes receive user input as a file or directory name and whenever this user input is improperly sanitized, it can lead to various security vulnerabilities.

Team we45

November 7, 2019

In this blog, we would like to bring out some significant progressions in our security assessments that have come about in assessing applications over the recent past.

Team we45

November 4, 2019

Threat Models fundamentally help you think of what and how things can go wrong.You'll suck at it at first. Then you get better. Like everything else in life.

‍Roberto Velasco

August 19, 2019

We believe that modern DevSecOps practices demand a different security testing approach. Adoption of automated deployment and delivery pipelines (CI/CD) means that the system can’t wait for code scans to finish; even worse, waiting for the review of the vulnerability results.

Team we45

August 19, 2019

We recommend, you add AppSec Day, Australia to your conference calendar. And while you’re there be sure to attend the following talks

Team we45

April 15, 2019

Base64 encoding isn't enough to protect web apps from Cross-Site Scripting! Here's how to prevent XSS attacks using AppSec best practices.