Suzanne Ciccone

Suzanne is part of the content team at CA Veracode, working to create resources that shed light on AppSec problems and solutions. 
Posts by Suzanne Ciccone

How CA Veracode Integrations Enable Security at DevOps Speed

July 21, 2017

Speed and security are the name of the game in software development today. Why? Because software is now key to innovation and competitive advantage for every enterprise in every industry. This means that not only is the pace of software development rapidly increasing, but also that attacks against the application layer are proliferating. In turn, software development speed and security are now... READ MORE

Podcast: The OWASP Top 10 List Update: What You Need to Know

June 19, 2017  | Security News

The OWASP Top 10 list of the most critical web application security risks has finally been updated for the first time since 2013. This list, created by the Open Web Application Security Project (an open community dedicated to enabling organizations to create secure applications) often forms the basis of application security programs and frequently informs AppSec priorities. The release candidate... READ MORE

Podcast: Our Take on the WannaCry Ransomware Attack

May 23, 2017  | Security News

On Friday, May 12, an unprecedented cyberattack affected approximately 200,000 computers across 150 countries. By exploiting a vulnerability in Microsoft Windows, a combined worm/ransomware attack called WannaCry shut down hundreds of thousands of computers and demanded payment in order to regain access. In episode 5 of our AppSec in Review podcast, Evan Schuman and CA Veracode's Brian Fitzgerald... READ MORE

Why Code Quality and Code Security Remain Two Separate Ideas

May 17, 2017  | Secure Development

The OWASP Top 10 list of the most critical web application security risks is finally being updated for the first time since 2013. A release candidate was published in April 2017, and the most significant takeaway was what was not on the list; namely, anything new. This is the first update in four years, and the list of vulnerabilities has not changed substantially. The same vulnerabilities – some... READ MORE

Before You Outsource Code Development – Think About the Security Implications

May 11, 2017  | Managing AppSec

Police in the Netherlands recently contacted more than 20,000 people who they suspect had their personal data stolen by a malicious web developer. This developer had built “backdoors” into applications he created for various businesses as a contractor. With the information he stole, it is alleged that he made online purchases, opened gambling accounts and impersonated victims' family members.... READ MORE

Regulations Surrounding Third-Party Software Security Are Increasing – How to Stay Compliant

May 4, 2017  | Managing AppSec

Developers are increasingly being pushed to create more code faster. As the speed of development increases, it becomes less feasible to create every application from scratch. In turn, the reliance on third-party applications and code increases as well. But this “short cut” comes with risk. Third-party applications and open source components frequently contain vulnerabilities, leaving... READ MORE

Podcast: Cyber Geneva Convention Proposed at RSA: Is It Feasible?

April 20, 2017  | Security News

AppSec in Review Podcast, Episode 4: Cyber Geneva Convention Proposed at RSA: Is It Feasible? At the most recent RSA Conference this past winter, Microsoft President Brad Smith proposed a Cyber Geneva Convention. We’ve had four Geneva Conventions in modern history. In each convention, the world’s nations came together to agree upon a set of guidelines on how war would be conducted,... READ MORE

The CA Veracode Platform: Where Development and Security Come Together

April 11, 2017  | Intro to AppSec

The development of software has become a continuous, integrated process that reaches beyond your internal development team. This allows your organization to grow and innovate like never before, but also requires you to think about security differently. Different teams with different priorities: Security and development teams each have very different AppSec priorities, needs and requirements.... READ MORE

What Does an Advanced Application Security Program Look Like?

March 23, 2017  | Managing AppSec

This is the fourth and final entry in a blog series that looks at each stage of an application security program’s maturity and outlines your next steps as you move toward an advanced program. We typically see organizations fall within one of these four stages of application security: Reactive, Baseline, Expanded, Advanced. So, what does it look like when you reach the advanced stage? Based on... READ MORE

Podcast: How to Approach the NY DFS Cybersecurity Regulations

March 21, 2017  | Security News

How should you approach the new NY DFS cybersecurity regulations? In Episode 3 of CA Veracode's AppSec in Review podcast, Evan Schuman and CA Veracode's Brian Fitzgerald discuss how these regulations differ from past requirements and best practices for addressing them. They explore, among other things: The opportunity to use these regulations as a framework for a solid security program The best... READ MORE
