Suzanne Ciccone

Suzanne is part of the content team at CA Veracode, working to create resources that shed light on AppSec problems and solutions. 
Posts by Suzanne Ciccone

Your Next Steps if Your AppSec Program Is in the Expanded Stage

March 16, 2017  | Managing AppSec

This is the third entry in a blog series that looks at each stage of an application security program’s maturity and outlines your next steps as you move toward an advanced program. We typically see organizations fall within one of these four stages of application security: Reactive Baseline Expanded (you're here!) Advanced If you are in the expanded application security stage, you... READ MORE

Your Next Steps if Your AppSec Program Is in the Baseline Stage

March 9, 2017  | Managing AppSec

This is the second entry in a blog series that looks at each stage of an application security program’s maturity and outlines what the next steps are to move toward an advanced program. We typically see organizations fall within one of these four stages of application security: Reactive Baseline (you're here!) Expanded Advanced If you are in the baseline application security stage,... READ MORE

Your Next Steps if Your AppSec Program Is in the Reactive Stage

February 23, 2017  | Managing AppSec

This is the first blog in a series that will look at each stage of an application security program’s maturity and outline what the next steps are to move toward an advanced program. We typically see organizations fall within one of these four stages of application security: Reactive (you're here!) Baseline Expanded Advanced If you are in the first stage and taking a reactive approach... READ MORE

How important is it to stay on top of the quickly evolving landscape of application security and application layer risk?

February 9, 2017  | Managing AppSec

In a word, very. You simply cannot secure your application layer without being one step ahead of application security threats and solutions. The problem is that it’s almost impossible to keep up in the face of the current security skills shortage. In a report titled, “Hackers Wanted: An Examination of the Cybersecurity Labor Market,” the RAND Corporation states that: “It... READ MORE

Podcast: What We Expect to See at RSA 2017

February 7, 2017  | Security News

The annual RSA Conference is one of the biggest security industry events of the year and, as such, is often a “canary in the coalmine” – signaling the trends, themes and future direction of the security industry. In Episode 2 of CA Veracode’s AppSec in Review podcast, Brian Fitzgerald, CA Veracode Chief Marketing Officer, talks to Evan Schuman about what those emerging 2017 trends and themes... READ MORE

Podcast: Making Sense of the New York DFS Cybersecurity Regulations

January 28, 2017  | Security News

View our new guide for continued learning: Navigating the New York Department of Financial Services' Cybersecurity Regulations The New York Department of Financial Services recently issued proposed regulations for cybersecurity that seek to standardize the way that financial services institutions protect information systems and the business and personal information they manage. Organizations... READ MORE

Podcast: Challenges of the Digital Economy

January 26, 2017  | Security News

The digital innovations used by companies are making it easier for companies to improve their productivity. They also remove barriers for startups to enter new markets and make our everyday lives easier. However, the digital economy comes with challenges and risks. During this installment of CA Veracode’s AppSec in Review Podcast, Brian Fitzgerald, CMO at CA Veracode discusses the... READ MORE

What’s the Worst That Can Happen? The Cost of a “Wait and See” AppSec Plan

January 10, 2017  | Managing AppSec

In a previous blog post, we talked about the cost of a “do nothing” AppSec plan. In that blog post, we pointed out that ignoring application security can be a costly move. Why? Because your chance of a breach is very high, and so is the cost incurred from most breaches. In addition, you could now face regulatory fines by ignoring application security. But a “wait and see” AppSec plan is also a... READ MORE

Where Pen Testing Belongs in Your Application Security Process

December 29, 2016  | Intro to AppSec

What Is Manual Penetration Testing? Manual penetration testing (pen testing) is an application security method in which a human pen tester manually tries to hack into an application to find vulnerabilities. An important component of your overall application security program, this method can identify vulnerabilities that cannot be detected with automation, such as business logic flaws. Its... READ MORE

Applications Have a New Role in Today’s Digital World: What Are the Security Implications?

December 29, 2016  | Intro to AppSec

In a previous blog post, we explored how software is “eating the world,” and how applications have gone from a nice-to-have to a critical part of running a business. As enterprises are forced to develop and buy more and more software – and at a lightning pace in order to keep up with the competition – what are the security implications? Cyberattackers are increasingly... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu