NetSPI is embarking on an initiative to provide opinions and insight to security practitioners in the form of periodic blog entries covering four specific subject areas, one of which is Application Security. Entries in this blog category will be provided by members of NetSPI’s Application Security team and will include commentary on application security testing products, analysis of recent exploits, and our perspective on developing trends in application security.
The team, which consists of developers and pentesters with extensive experience across several industries, will draw on a wealth of experience: we test hundreds of applications for security vulnerabilities every year. The work done by the team includes application vulnerability assessments, penetration tests, architecture reviews, code analyses, and SDLC evaluations. This work has given us a great perspective on where application controls are missing or fail, as well as the root causes of those failures.
Our goal for this blog is to contribute content on application security that will not only be of interest but will also have real value for you in protecting information assets. We welcome your suggestions and feedback.

