Suzanne Ciccone

Suzanne is part of the content team at Veracode, working to create resources that shed light on AppSec problems and solutions. 
Posts by Suzanne Ciccone

5 Essential Steps to Shift Security Left [VIDEO]

February 8, 2018

Speed rules in software development today. The DevOps model means getting newer, better, faster into the hands of customers as quickly as possible is the name of the game. But where does that leave security? If it’s not done right -- overlooked or worked around. Done right -- it’s embedded into the software development process from day one, unobtrusively checking for and removing vulnerabilities...

Security: Here’s What You Need to Know About Development

February 1, 2018

The days of security and development working in separate and isolated silos are over. Security is now a task shared by the development and security teams throughout the software lifecycle – from inception to production. Security testing has become primarily the responsibility of developers, with security taking on more of an enabling role – crafting and communicating policies, assisting with...

Podcast: 2017 AppSec Lessons Learned

January 31, 2018

“The more things change the more they stay the same” could be the application security motto for 2017. Last year featured breaches stemming from the same vulnerabilities that have been wreaking havoc for years. In fact, we saw SQL injection in about 30 percent of the apps we scanned in 2017 – a number that hasn’t budged much since 2011. 2017 also shone a harsh spotlight on the risk of open source...

What Security Pros Will Get Out of our Upcoming DevSecOps Virtual Summit

January 31, 2018

The shift to DevOps and DevSecOps is happening. Organizations in all industries are creating software not just faster, but also in a more precise, collaborative and incremental way. In fact, we’ve seen the shift in our own customer base, where the percentage of applications scanned for security on a weekly basis jumped 50 percent last year. And this shift casts a wide net, affecting everything...

Did You Read Our 5 Most Popular 2017 Blog Posts?

January 17, 2018 | Managing AppSec

2017 was quite a year for application security. From big breaches to breakthroughs, 2017 featured a lot of scary headlines reflecting the sorry state of application security, but also news about companies moving the needle on AppSec, and regulators waking up to the reality about how data is exposed. Not surprisingly, our most popular 2017 blog posts mirror the trends and headlines – and reveal...

How CA Veracode Products Secure the Production Stage

January 3, 2018

This is the third entry in a series of blogs on how CA Veracode products fit into each stage of the software lifecycle – from coding to testing to production. We want to emphasize lifecycle here, because we continue to hear the misconception that application security falls squarely and solely into the testing stage. In our 10+ years helping organizations secure their...

Podcast: 2017 OWASP Top 10 – What’s New

December 21, 2017

For the first time in four years, we have a new OWASP Top 10 list of the most critical application security risks. Cross-site request forgery (CSRF) and unvalidated redirects and forwards have been bumped off the list. XML external entities, insecure deserialization and insufficient logging and monitoring have been added. What’s the significance of both the additions, and the subtractions? CA...

Overcoming the Language Barrier Key to DevSecOps Success

December 8, 2017

As DevOps moves to DevSecOps, there is a significant “people” component involved in the shift. Development and security teams both need to overcome their “language barriers” and understand each other’s processes and priorities. The effort is worth it because we know that (1) the consequences of neglecting software security are getting more damaging and (2) embedding security early and often into...

How Are We Securing the Booming Digital Economy? Our Latest Survey Results

December 8, 2017 | Intro to AppSec

The holiday season is upon us; are you buying all your gifts at the mall? Probably not. Many, if not most, of you are going to research, purchase and pay for all your holiday gifts online this year. Digitization is everywhere – changing every interaction and transaction. But it seems like breaches are everywhere as well – affecting all industries in all geographies. Are business leaders simply...

Hardcoded Credentials: Why So Hard to Prevent?

December 1, 2017

About a year ago, attackers managed to tap into thousands of IoT devices to create a botnet infected with Mirai malware and wreak havoc on some major websites. This Mirai botnet, made up of 100,000 IoT devices from DVRs to security cameras, unleashed a massive DDoS attack on DNS provider Dyn, which brought down dozens of websites, including Twitter, Spotify, Netflix and The New York Times. ...
