Where Does Our AppSec Program Go From Here? Ask Yourself These Questions

By Suzanne Ciccone December 7, 2016 | Managing AppSec

If you’ve just begun an application security program, but aren’t sure where to go next, here are a few questions to help point you in the right direction. Are you using more than one type of assessment technique? If not, how certain are you that your one method is locating every type of vulnerability? There is no application security silver bullet. If you’re only testing with...

Is Your Dynamic Scanning Context Aware?

By Joe Pelletier December 6, 2016 | Managing AppSec

When it comes to dynamic scanning, speed and accuracy are critical factors. Developers and security teams have no time for false positives, especially in a world where the time between releases is increasingly compressed. Yet a common vulnerability found by dynamic scanners is Cross-Site Scripting (XSS), and these vulnerabilities are often either false positive or missed due to poor coverage. In...

How to Evaluate and Select Application Security Testing Vendors

By Joseph Feiman December 5, 2016 | Intro to AppSec

The application security testing (AST) market is getting crowded. In addition, many of the vendors offer multiple technologies, and are promising even more advanced technologies in the near future. Some deliver technologies as tools, some as services. And these technologies are all priced differently. The question is: How do you evaluate the marketplace and select the right vendor? In this blog,...

How Are You Approaching AppSec? Here’s What Your Peers Are Doing … or Not Doing

By Suzanne Ciccone December 5, 2016 | Managing AppSec

We recently surveyed 308 security professionals responsible for application security (AppSec) to find out the struggles they’re facing and the tactics they’re employing in securing their application layer. In analyzing the responses, we found that what the respondents are not doing regarding application security is often more revealing than what they are doing. The bottom line is that...

5 Ways to Keep Your Applications Safe From Vulnerable Components

By Tim Jarrett December 1, 2016 | Secure Development

In earlier blog posts in this series, we’ve learned more about how the vulnerability used to break into the San Francisco Municipal Transportation Agency’s computers may have come from a single vulnerable open source component. We’ve talked a little about how developers use open source components – and why it’s hard for them to know what’s in their applications...

Strengthening Your Security With Mundane—But Often-Overlooked—App Maintenance

By Evan Schuman December 1, 2016 | Managing AppSec

It's often said in security circles that a massive percentage of intrusions and breaches could be thwarted by the IT equivalent of eating your vegetables and exercising regularly. Whereas CFOs are often attracted to—or, in some cases, repelled by—the shiny objects of high-end security defenses, the mundane wash-your-hands-before-eating rules have the most impact. That means not...

The Role of Applications in Today’s Digital World

By Suzanne Ciccone December 1, 2016 | Intro to AppSec

Five years ago, Marc Andreessen famously stated that “software is eating the world,” and it has and is in ways that he probably couldn’t have imagined even five years ago. Applications are no longer a nice-to-have. They play a central role in how and why businesses operate, and companies are producing them in unprecedented numbers. In fact, a typical $500 million-plus enterprise...

What Makes an AppSec Program Successful: A Program Management Perspective

By Pejman Pourmousa November 30, 2016 | Managing AppSec

I have spent the entirety of my career in the area of services management and delivery, specifically around compliance, risk and security. I have had the good fortune of seeing over 1,300 program deployments across all size companies spanning every industry. Today, I am the Director of Program Management at Veracode, working to help customers successfully adopt Veracode’s solutions. I...

How One Open Source Component Put 25% of Java Applications at Risk

By Tim Jarrett November 30, 2016 | Secure Development

In the first part of our blog series on the ransomware attack on the San Francisco Municipal Transportation Agency, we discussed how the attacker chose to exploit a deserialization vulnerability in WebLogic to compromise vulnerable systems. And we learned that this vulnerability was a big target, because it is the result of a component (Apache Commons Collections) present in about 50 percent of...

Why the Ransomware Attack on San Francisco Is Such a Big Deal

By Tim Jarrett November 29, 2016 | Secure Development

The day after Thanksgiving saw the San Francisco Municipal Transportation Agency hit with a ransomware attack. The attacker demanded 100 bitcoins (about $73,000) to unlock the computer systems and ticketing machines. According to security journalist Brian Krebs, the SFMTA wasn’t targeted for political reasons – it was a target of opportunity discovered by an attacker looking for...
