Library

Explore a collection of educational content from our security experts

Forward Security awarded the Canadian Workplace Culture Certification

Forward Security is Canadian Workplace Culture Certified and are officially recognized as a Canadian Workplace Culture Leader. The overall score received placed Forward Security in the 88th percentile with a…

What is Pentesting? (and What to Look for When Choosing a Service Provider)

You’ve probably heard of the term pentesting and wondered what it means. You’ve probably even had a pentest done and was not quite sure what it was. In this post,…

Does Your Application Need Security Requirements?

If you have an application, you might be asking yourself questions such as: How do I make my application more secure? Where do I get security requirements from? Why do…

What is Threat Modeling? (and Why is it Important for Applications?)

What is threat modeling and why it’s important to you? Let’s start by talking about what a threat is. A threat is something that has a negative impact on an…

Dev Teams Don’t Need Fulltime AppSec Members, They Need Security Champions

In this post, we’ll explore whether you need dedicated application security team members in your development team and what the concept of security champions is all about. Where are all…

What is DevSecOps and How to Transform Your Agile / DevOps Team?

These days, everyone is talking about DevSecOps, and you might be wondering what that’s all about. How We Evolved to DevSecOps Security was not really a part of software development…

Top 3 Security Challenges Devs Encounter When Building Secure Apps

There are a lot of tools, or a lot of categories of tools, that developers need to incorporate into their DevOps environment. Anyone in the AppSec field knows, automation tools…

Forward Security receives $150,000 of NRC IRAP funding to further develop its Eureka next-generation DevSecOps platform

Forward Security Inc., a North American company with offices in Vancouver, Toronto, and Austin, TX, specializing in application & cloud security products and services, is proud to announce that it…

Blockchain and Its Impact on Information Security’s CIA-Triad

What is the CIA Triad? Before we get into the details of how blockchain can improve information security, let’s talk about the CIA triad. No, not the government agency, but…

Embedding Security Into Software During Development

Security has traditionally been focused at the infrastructure level, particularly at the edge of the network where traffic flows across trusted and untrusted network segments. This is accomplished by using…

Application Security for Busy Tech Execs

We have created this series to help busy technology executives like you navigate through the cloudy and often poorly understood field of application security and array of options out there. In this series we will discuss some of the key pillars of application security in 1-2 min video capsules to save you time and help make the best decision.

SAST, SCA, DAST, IAST, RASP: What They Are and How You Can Automate Application Security

Forward Security is now an AWS Select Consulting Partner

Forward Security Inc., a North American company with offices in Vancouver, Toronto and Austin, TX specializing in application & cloud security consulting, is proud to announce that it has earned the Select tier Consulting…

Security Implications of AI-assisted Coding

GitHub quietly announced the technical preview for their new Copilot feature recently. Copilot is an AI-assisted pair programming tool that can be used in VS Code or in a GitHub codespace. The tool uses a machine learning model based on…

The Importance of “Baking” Security Into Your Applications

Historically, security has been enforced outside of the application, particularly at the edge of the network where traffic flows across trusted and untrusted network segments. This is accomplished by using…

SAST, SCA, DAST, IAST, RASP: What They Are and How You Can Automate Application Security

Application security is an ongoing challenge throughout the entire software development life cycle (SDLC). Today, more and more development teams are shifting to Agile and DevOps SDLCs to rapidly build application to meet the rising demands from the business and consumers with little or no attention to security.…

Biden’s Executive Order Impact on Application & Cloud Security

President Joe Biden’s cybersecurity executive order takes important steps to bringing awareness to security for organizations when developing software. With 52% of breaches caused by malicious attacks against applications in…

Why ASVS Is The Gold Standard For Application Security

According to Contrast Security’s 2020 Application Security Observation Report, 96% of web apps have at least one vulnerability, and 26% of those are serious. The continued proliferation of application vulnerabilities…

Securing Modern API and Microservices-Based Apps by Design – Part 2

Combine existing security concepts and best practices together and design more secure distributed applications. Introduction Part 1 of this two-part series discussed what services and microservices are, the role of APIs and API gateways in modern application…

Securing Modern API and Microservices-Based Apps by Design – Part 1

Combine existing security concepts and best practices together and design more secure distributed applications. Introduction A common approach to modernizing applications is to use APIs and decompose them into smaller units that typically live in containers. These approaches involve many concepts…