Bad Things Happen When You Don’t Measure Your AppSec Program

By Suzanne Ciccone May 23, 2016 | Managing AppSec

If you’re going to spend time, money and effort implementing an application security program, don’t lose your progress by neglecting to collect and share metrics. With strong metrics, you not only prove that your program is making a positive impact, but also identify where and how it’s working – or not working. What happens if you don’t measure? Bad things like these...

In AppSec, What You Measure Is as Important as What You Do

By Suzanne Ciccone May 18, 2016 | Managing AppSec

If you’ve ever wrapped a gift and ended up with a big stripe of the box showing down the middle, you know “measure twice, cut once” is a popular saying for a reason. The need to give equal attention to measuring and doing holds true for a plethora of activities and industries, and application security (AppSec) is no exception. You can implement all the latest and greatest AppSec...

Securing the SDLC

By Jet Anderson May 16, 2016 | Managing AppSec

This post was originally published on May 2, 2016 at: https://thatsjet.com/2016/05/02/securing-the-sdlc/ I had the opportunity to speak last week at my local ISSA chapter on the topic of Securing the Software Development Lifecycle. Given the interest it generated among the attendees, I realized that this is a topic for MUCH further discussion, worthy of at least a few blog posts on thatsjet.com...

Security Needs to Start Deep Within the OS: And It Needs to Start Now

By Evan Schuman May 12, 2016 | Security News

As strategic and essential as enterprise security is today, it is still, at its most fundamental level, an afterthought. We take the OS, apps, databases, network controls as they are given to us, and then we try and Band-Aid on top of it the best security we can. We use firewalls and filters and VPN tunnels and encryption to try and limit the damage software vulnerabilities can do. As a practical...

5 Things Devs Wish CISOs Knew About DevOps

The rapid adoption of DevOps practices in the enterprise has forced a lot of CISOs to rethink their security play books. Gone are the days of testing for security once software engineers are done developing a piece of software. With rapid iterations and continuous delivery of software there is no "done" anymore. Additionally, the fast-paced DevOps model gives engineers the power to...

Top 3 Reasons Why Neglecting Application Security Is Risky Business

By Suzanne Ciccone May 10, 2016 | Intro to AppSec

Vtech, TalkTalk, OPM, Premera … you’ve seen the headlines about all the destructive breaches in 2015. Want to avoid the same fate? The best way to reduce your risk of a breach is to implement an application security program. Most organizations have sufficiently secured the network and hardware layers, but have yet to focus their attentions, or budgets, on the security of the...

4 Quick and Painless Steps to Get an AppSec Program Going at Your Software Company

By Pete Herzog May 9, 2016 | Intro to AppSec

Your application security is a problem. So why are you just hearing about this now? Is Big Security suppressing this information? Or could it be that unless there's a huge breach that makes the staff come in on a weekend that anyone bothers to care? It's probably the second one. It's tough to give priority to something that seems to be not a problem at the moment. It's true that you...

Software Vendors: How to Overcome the Top 3 Developer Objections to Application Security

By Suzanne Ciccone May 8, 2016 | Managing AppSec

Software vendors will increasingly be on the hook to provide evidence that their code is secure. With mounting pressure from customers, regulations and even competitors, vendors are finding they need to make application security a priority. But as software vendors start their application security journey, the first roadblock they often hit is the development organization. And that can be a...

One Problem With Perimeter Security: Today's Networks Shouldn't Even Have A Perimeter

By Evan Schuman May 6, 2016 | Managing AppSec

Saw an interesting column the other day from a security consultant arguing that healthcare enterprises need to re-envision security and pull information from the network perimeter and back into servers, where everything is easier to control. It's a compelling argument until you get realistic, practical and focus on the reason enterprise networks exist in the first place. Going back to a...

Verizon’s 2016 Data Breach Investigations Report Demonstrates Traditional Approaches to AppSec Aren’t Working

By Jessica Lavery May 5, 2016 | Security News

It has taken me a few days to wade through all the data and information in this year’s Verizon Data Breach Investigations Report, but I’ve finally found the time to read it all the way to the end. As always, the report is full of interesting statistics about breach and incident trends. While each section of the report offered valuable insights and information, I found the section on...
