Where Pen Testing Belongs in Your Application Security Process

sciccone's picture
By Suzanne Ciccone December 29, 2016  | Intro to AppSec
What is manual penetration testing?

What Is Manual Penetration Testing? Manual penetration testing (pen testing) is an application security method in which a human pen tester manually tries to hack into an application to find vulnerabilities. An important component of your overall application security program, this method can identify vulnerabilities that cannot be detected with automation, such as business logic flaws. Its... READ MORE

Applications Have a New Role in Today’s Digital World: What Are the Security Implications?

sciccone's picture
By Suzanne Ciccone December 29, 2016  | Intro to AppSec
Role of applications in today's digital world.

In a previous blog post, we explored how software is “eating the world,” and how applications have gone from a nice-to-have to a critical part of running a business. As enterprises are forced to develop and buy more and more software – and at a lightning pace in order to keep up with the competition – what are the security implications? Cyberattackers are increasingly... READ MORE

Application Security? But I Have a WAF!

TJarrett's picture
By Tim Jarrett December 28, 2016  | Intro to AppSec
Firewalls don't catch everything.

It seems so tempting. Solve your application security problem by throwing an appliance at it. After all, if web applications are the most common form of attack, why not just protect them the same way you protect your network and email servers, and be done with it? Why should you spend time hunting down vulnerabilities in your code and figuring out how to fix them? The “appliance throwing... READ MORE

Surviving a Password Policy Perfect Storm

ahamilton's picture
By Andrew Hamilton December 27, 2016  | Intro to AppSec

As a security consultant, I see examples all the time of applications that don’t implement defense-in-depth to reduce the risk of account compromises. One area where this is especially problematic is password policy. Password policies can contribute to a strong application security strategy, or create a false sense of security while leaving user data and applications open to attack. Weak... READ MORE

Top Takeaways From Veracode’s Developer Survey

jzorabedian's picture
By John Zorabedian December 21, 2016  | Secure Development

We recently conducted a survey of developers and development managers to find out what’s on their minds and how their concerns compare to those of application security teams. The results contain some surprises. What’s not surprising is that development teams are feeling pressured to meet productivity goals, while still meeting requirements for quality and stability. Add to that the... READ MORE

The Future of AppSec is DevSecOps

jlavery's picture
By Jessica Lavery December 19, 2016  | Secure Development
What's next for application security in 2017?

With 2016 coming to an end, we, like many companies, are reflecting on the trends of the past year. We are also looking outward to what the future holds for application security, and it has never been clearer that the future of application security will be tied to DevOps and integrating security into DevOps environments. As such, it is crucial that security becomes part of the entire software... READ MORE

What's the Worst That Can Happen? The Cost of a "Do Nothing" AppSec Plan

sciccone's picture
By Suzanne Ciccone December 19, 2016  | Intro to AppSec

Do you think you don’t need application security? Maybe you think application security is too complex, or too expensive. Maybe you think, we haven’t been breached yet, what are the chances? And even if someone tries, we have a WAF. It might seem more cost-effective to simply “do nothing” rather than invest in application security. But you should be aware that there is... READ MORE

You’re Invited: A DevOps Dinner Party

ktcampbell's picture
By Katie Campbell December 16, 2016  | Secure Development

With the holidays quickly approaching, I can’t help but think about all of the dinner parties just around the corner and the many hours of “forced family fun” as we like to call it in our house. Don’t get me wrong, I love all the dishes that get whipped up by my family members, but with that comes the fact that you need to sit around the dinner table … for hours... READ MORE

App Security Deserves Far More IT Respect

eschuman's picture
By Evan Schuman December 15, 2016  | Security News

App Security today is the Rodney Dangerfield of IT security. Everyone knows about it, but it gets no respect. Isn't it obvious that because apps are granted greater data-sharing with other apps and the ability to update itself—directly to the mothership—without IT signoff, that perhaps this should soar to the top of the danger list? Apparently not. Consider just a few examples... READ MORE

Airbags and AppSec: Changing the Mindset on Software Security

cwysopal's picture
By Chris Wysopal December 13, 2016  | Managing AppSec
Seat belts and appsec, will software security ever become a requirement?

In the early 1960s, cars were unsafe. And the car industry’s attitude was: cars are just unsafe, and that’s the risk you take. But then the public started calling attention to the issue (with some help from Ralph Nader), refusing to simply accept that risk, and things started changing. Regulations emerged, car manufacturers started building security in, and we now have seatbelts,... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu