Suzanne Ciccone

Suzanne is part of the content team at Veracode, working to create resources that shed light on AppSec problems and solutions. 
Posts by Suzanne Ciccone

A Single AppSec Technology Is Not Enough

November 25, 2016  | Managing AppSec

There is no application security silver bullet; if you’re relying on only one technology, you are leaving your organization open to attack. Over the past 10 years, we have scanned 2 trillion-plus lines of code, and we consistently see that different testing types are better at uncovering different vulnerabilities, and that one testing type is not enough. Our most recent State of Software... READ MORE

What’s Your No. 1 AppSec Concern? Here’s What Our Survey Respondents Say

November 18, 2016  | Managing AppSec

We recently surveyed 308 security professionals in the US and UK tasked with application security to find out their top AppSec concerns, stumbling blocks and tactics. Their biggest AppSec concern? Overwhelmingly, it was reducing the risk of attacks while building, buying and integrating more software than ever. A majority (58 percent) of survey respondents cited this as a concern. Across regions... READ MORE

Do You Use Open-Source Components? Find Out What Our Latest Research Reveals

October 31, 2016  | Managing AppSec

We just published our seventh State of Software Security (SoSS) report. Based on the goldmine of data we have accumulated over the past 18 months and 300,000 security assessments, this SoSS report is intended to give security practitioners a clear picture of application security trends and how their initiatives compare to their peers’. New in this version of the report is a deep-dive look at the... READ MORE

How Often Should You Assess Apps for Security?

October 28, 2016  | Intro to AppSec

Those new to AppSec might wonder – how often do I have to test my apps for security? One school of thought is: do a one-time scan of all or most apps in production, fix the most egregious defects and either consider security testing “done” – or maybe schedule another scan in several months, even for the next year. The problem with this model is that it doesn’t work... READ MORE

AppSec: From the Breakroom to the Boardroom

October 14, 2016  | Intro to AppSec

Application security is an emerging and critical aspect of a security program; however, all AppSec attitudes are not created equal. Unlike other security initiatives, application security affects a lot of different people in your organization – and in different ways. A developer’s attitude toward and concerns about an application security program will not be the same as a member of... READ MORE

Don’t Let Your AppSec Plan Go the Way of Your New Year’s Resolution

September 27, 2016  | Managing AppSec

With the wrong approach, your AppSec solution could go the way of your treadmill – a great piece of equipment, but not really producing results. Keep in mind that technology is only one part of an AppSec solution, and a technology-focused AppSec plan will end up like your technology-focused New Year’s resolution: a dust-coated treadmill with clothes draped all over it. The equipment... READ MORE

Security Grows Up

September 21, 2016  | Managing AppSec

The technology landscape has changed and evolved to the point where old security tactics are no longer sufficient. In the same way that the tactics you use to keep your kids safe when they’re babies become ineffective, and actually detrimental to them, as they grow – sticking with old IT security tactics will not only leave you insecure, but will also hold back innovation, and your... READ MORE

Three Reasons AppSec Policies Matter

September 16, 2016  | Managing AppSec

You probably get a lot of email. Do you give every email the same level of attention? Do you read, craft a thoughtful response, and immediately complete any follow-on tasks for every single email message as it comes in? If you do, congrats – but you probably don’t spend your days doing much else! Whether you know it or not, you have a policy regarding your emails. Maybe you... READ MORE

Top 4 Reasons Why Application Security Should Be Your Focus

August 16, 2016  | Intro to AppSec

We live in a software-driven world – it’s how organizations in every industry interact with customers, prospects and partners. But information security has not kept pace with this shift, and traditional defenses are proving inadequate in this environment. As users and applications become the risk focal point, there is no hard and fast perimeter security professionals can put a wall... READ MORE

You’ve Tested the AppSec Waters: Now It’s Time to Take the Plunge

August 11, 2016  | Intro to AppSec

You’ve dipped your toes into the AppSec waters, but now it’s time to wade in a little further. Many organizations understand application security is important, and maybe they’ve done some scanning or pen testing of a handful of apps. But many are also unsure what comes next, or even if anything needs to come next. The reality is that Web application attacks are now the most... READ MORE
