Application Security Questions
Rony_Sklar
IT Central Station
Jan 13 2021

There are many cybersecurity tools available, but some aren't doing the job that they should be doing. 

What are some of the threats that may be associated with using 'fake' cybersecurity tools?

What can people do to ensure that they're using a tool that actually does what it says it does?

SimonClark Dan Doggendorf gave sound advice. Whilst some of the free or cheap… more »
Dan DoggendorfThe biggest threat is risks you think you have managed are not managed at all so… more »
Javier MedinaYou should build a lab, try the tools and analyze the traffic and behavior with… more »
Manoj Kumar Kemisetty
Sap Advanced Business Application Programming Consultant at Accenture
Mar 02 2021

Is SonarQube is the best tool for static analysis or there are any good tools which compete with SonarQube?

Purushothaman KStatic tool we can use Fortify or IBM Appscan. SonarQube widely used for… more »
Peter ArvedlundI am not very familiar with SonarQube and their solutions, so I can not answer… more »
Steven KlusenerPlease have a look at the TICS framework, offered by www.tiobe.com, it is… more »
Menachem D Pritzker
Director of Growth
IT Central Station

On July 15, 2020, several verified Twitter accounts with millions of followers were compromised in a cyberattack. Many of the hacked accounts we protected using two-factor authentication, which the hackers were somehow able to bypass.

Hacked accounts included Barack Obama, Joe Biden, Bill Gates, Jeff Bezos, Mike Bloomberg, Warren Buffett, Kim Kardashian, and Kanye West, Benjamin Netanyahu, and several high profile tech companies, including Apple and Uber.

The hackers posted variation of a message asking follower to transfer thousands of dollars in Bitcoin, with the promise that double the donated amount would be returned.

How could Twitter have been better prepared for this? How do you rate their response?

Ken ShauretteFor some good information from a leading expert check out the webinar today 7/17… more »
Ken ShauretteI like the potential for catching an unusual activity like that with our… more »
Russell WebsterSpan of control, Solid RBAC, Privileged Access Management (PAM) 
Rony_Sklar
IT Central Station
Mar 02 2021

Many companies wonder about whether SAST or DAST is better for application security testing. What are the relative benefits of each methodology? Is it possible to make use of both?

Dan DoggendorfSAST and  DAST are not mutually exclusive and should be used in conjunction with… more »
Oscar Van Der MeerFor application security you ideally need SAST, SCA and DAST. You need all three… more »
Thomas RyanThe easiest way to remember the role of each: SCA & SAST = Am I Vulnerable… more »
Rony_Sklar
IT Central Station

Which single application security tool provides the best overall protection?

Kangkan GoswamiThe best source to know the OWASP risks is the OWASP website. For top 10 risks… more »
Ariel Lindenfeld
Sr. Director of Community
IT Central Station
Apr 05 2021

Let the community know what you think. Share your opinions now!

reviewer1434390I would check the authentication steps required. How does the data storage work… more »