Library

Explore a collection of educational content from our security experts

Penetration Testing: How Often Should You Test?

How often should I do penetration testing? It’s a question that comes up regularly. The answer is: it depends. The frequency of pen-testing depends on the organization’s specific needs and…

The Importance of a Risk Based Approach in Security Assessments

Suppose you run a security scan on your application, and it produces a report with a list of one hundred security issues. Where would you start? What issue(s) would you…

Case Study: Eureka DevSecOps Platform

The Background Our client in the data analytics sector had implemented DevOps automation and CI/CD pipelines but without any security in the mix. This is quite common as some organizations…

Forward Security are recognized winners of the Most Promising Canada Tech Services Company 2022

Forward Security are delighted to be recognized as the winners of the Most Promising Canada Tech Services Company 2022 by CIOReview. We are passionate about building long-lasting relationships with our partners and…

Forward Security awarded the Canadian Workplace Culture Certification

Forward Security is Canadian Workplace Culture Certified and are officially recognized as a Canadian Workplace Culture Leader. The overall score received placed Forward Security in the 88th percentile with a…

What is Pentesting? (and What to Look for When Choosing a Service Provider)

You’ve probably heard of the term pentesting and wondered what it means. You’ve probably even had a pentest done and was not quite sure what it was. In this post,…

Does Your Application Need Security Requirements?

How do I make my application more secure? Where do I get security requirements from? Why do I need security requirements? If you have an application, these are some of…

What is Threat Modeling? (and Why is it Important for Applications?)

What is threat modeling and why is it important? A threat is something that has a negative impact on an asset. In the context of information security, particularly about application…

Dev Teams Don’t Need Fulltime AppSec Members, They Need Security Champions

In this post, we’ll explore whether you need dedicated application security team members in your development team and what the concept of security champions is all about. Where are all…

What is DevSecOps and How to Transform Your Agile / DevOps Team?

These days, everyone is talking about DevSecOps, and you might be wondering what it’s all about. How we evolved to DevSecOps Security was not really a part of software development…

Top 3 Security Challenges Devs Encounter When Building Secure Apps

There are a lot of tools, or a lot of categories of tools, that developers need to incorporate into their DevOps environment. Anyone in the AppSec field knows automation tools…

Forward Security receives $150,000 of NRC IRAP funding to further develop its Eureka next-generation DevSecOps platform

Forward Security Inc., a North American company with offices in Vancouver, Toronto, and Austin, TX, specializing in application & cloud security products and services, is proud to announce that it…

Blockchain and Its Impact on Information Security’s CIA-Triad

What is the CIA Triad? Before we get into the details of how blockchain can improve information security, let’s talk about the CIA triad. No, not the government agency, but…

Embedding Security Into Software During Development

Security has traditionally been focused at the infrastructure level, particularly at the edge of the network where traffic flows across trusted and untrusted network segments. This is accomplished by using…

Application Security for Busy Tech Execs

We have created this series to help busy technology executives like you navigate through the cloudy and often poorly understood field of application security and array of options out there. In this series we will discuss some of the key pillars of application security in 1-2 min video capsules to save you time and help make the best decision.

SAST, SCA, DAST, IAST, RASP: What They Are and How You Can Automate Application Security

Application security is an ongoing challenge throughout the entire software development life cycle (SDLC). Today, more and more development teams are shifting to Agile and DevOps SDLCs to rapidly build…

Forward Security is now an AWS Select Consulting Partner

Forward Security Inc., a North American company with offices in Vancouver, Toronto and Austin, TX specializing in application & cloud security consulting, is proud to announce that it has earned the Select tier Consulting…

Security Implications of AI-assisted Coding

GitHub quietly announced the technical preview for their new Copilot feature recently. Copilot is an AI-assisted pair programming tool that can be used in VS Code or in a GitHub codespace. The tool uses a machine learning model based on…

Biden’s Executive Order Impact on Application & Cloud Security

President Joe Biden’s cybersecurity executive order takes important steps to bringing awareness to security for organizations when developing software. With 52% of breaches caused by malicious attacks against applications in…

Why ASVS Is The Gold Standard For Application Security

According to Contrast Security’s 2020 Application Security Observation Report, 96% of web apps have at least one vulnerability, and 26% of those are serious. The continued proliferation of application vulnerabilities…