Why RASP is a Transformational Technology

For the most part, new technology is evolutionary: it advances on the innovations of the past. An example of evolutionary technology in the security world would be the next generation firewall, which extended technology that already existed to provide some new capabilities. Every so often we see a technology that is innovative, and even more rarely a truly transformational technology, an innovation that changes the way a problem is solved and from which new technology will spring. RASP (Runtime Application Self-Protection) is just such a technology, and it will change the way we look at security....

Read More

Why Ignoring Development and Security Teams Undermines Application Security

In an era of increasingly sophisticated data hacks and attacks, there's a critical need to move beyond protecting your business’s perimeter. To thoroughly safeguard your organization, your enterprise must adopt an approach that addresses systems and software throughout their lifecycles. A key piece of this strategic approach? Application security. According to CIO magazine, a typical $500 million-plus enterprise has developed more than 3,079 applications. These internal applications represent about 40 percent of a company’s overall application portfolio. Adding to the...

Read More

Where do vulnerabilities come from?

I’ll tell you one thing, it isn’t the stork! It’s not the explicit fault of the developers either. Vulnerabilities come from a combination of insecure coding practices, an ever-shifting threat landscape, the use of vulnerable components and code, and the idiosyncrasies of programming languages. And despite the growing reliance on software and the risks related to it, these problems persist and vulnerabilities in applications still abound. Our research found that three out of four applications produced by software vendors fail to meet OWASP Top 10 standards when initially assessed for...

Read More

How to Train a Globally Distributed Development Team

How companies with successful AppSec programs train globally distributed teams on secure development practices and security guidelines. Every large organization now has a complex and globally distributed software development process. It doesn’t matter whether your developers are in-house or outsourced, based in Bangalore or Boston: the expectation is that quality, bug-free, secure software is built quickly and efficiently. This provides the organization with the competitive edge it needs. When developers cross language, cultural, time zone, and even organizational...

Read More

Quick Wins: Why You Must Get Defensive About Application Security

Application security differs from other forms of security in the number of people it affects. Unlike installing a firewall or anti-virus software, an application security program will affect the everyday routines of many employees in many departments throughout your organization. And you need those employees to buy-in to the goals and policies of your program for it to succeed. Want a good way to get that buy-in? Get a quick win. When you quickly show progress and results, stakeholders will take notice and be more willing to give their support, and funds, to your program. An excellent quick-...

Read More

The ironic battle over crypto

This post was originally published February 4, 2016 on www.Jarrethousenorth.com. Bruce Schneier: Security vs. Surveillance. As the dust finally settles from the breach of the US Office of Personnel Management, in which personal information for 21.5 million Americans who were Federal employees or who had applied for security clearances with the government was stolen, I find it unbelievable that other parts of the federal government are calling for weakening cryptographic protections. Because that’s what the call for law enforcement backdoors is. There’s a certain kind...

Read More

Security Team – Here Are 5 Things I Need From You

A developer’s perspective on security teams coming in at the last minute to impose requirements on the development team. First things first, I am by training, occupation, and birthright a DEVELOPER (yeah, I just screamed that and yeah I said “birthright”)! I was born this way, and if I didn’t love this stuff, there is no way I’d be capable of doing my job. This job isn’t for everyone. Despite all the glitz, glamour, and riches you’ve been led to believe go along...

Read More

What is real-time security and why it is needed

Application security has emerged, evolved, matured and been adopted at the programming and testing phases of the application lifecycle, not at its operation phase. Technologies for protecting applications at the operation phase have been adopted to a lesser degree, and even then only with some stipulation. This can be explained: adopting application assessment and vulnerability detection technologies is less risky than adopting application protection technologies. Technologies such as static application security testing (SAST), dynamic application security testing (DAST), and software...

Read More

How AppSec Fits into an Information Security Program

Want a better information security program? Most companies do and are willing to spend big money on safeguarding critical systems. As noted by Infosecurity Magazine, Allied Market Research predicts huge growth in the hardware encryption market, with a CAGR of more than 50 percent and a net value of almost $300 billion by 2020. But locking down data at rest and in transit is only one step on the road to better InfoSec: If applications and network devices are inherently insecure, even the best encryption won't keep cyber criminals at bay. For many companies, however, the prospect of...

Read More

How We Worked with Our Development Team to Make Security a Differentiator

Many of the software vendors we work with come to us because their customers asked for some sort of security attestation. While we applaud the requests, we know that providing separate security attestations for each product and for each customer can be time-consuming and difficult. This is why we urge independent software vendors to take a programmatic approach to application security. If they have consistent security processes across their entire product line and can demonstrate those processes to their customers, they are able to get around the security objections holding up sales....

Read More
