Suzanne Ciccone

Suzanne is part of the content team at Veracode, working to create resources that shed light on AppSec problems and solutions. 
Posts by Suzanne Ciccone

Top 4 Ways Vulnerabilities Creep Into Your Software

April 12, 2016  | Intro to AppSec

Software makes the world go round these days, and it’s also causing a lot of problems. The U.S. Department of Homeland Security recently found that 90 percent of security incidents result from exploits against defects in software. It sometimes seems like we’re just rolling out the red carpet for cyberattackers with our applications. Why is software so riddled with security defects?...

Why You Need Your Boss’ Buy-In for Application Security

March 14, 2016  | Managing AppSec

Want your application security program to succeed? Get your boss on board. You need your CISO’s buy-in, and not just for scanning or pen testing a few business-critical apps – but for building a mature, robust program that secures every application the organization builds, buys or assembles. Here’s why: Reason 1: You need your boss to be a champion for your program with the C-...

3 Steps To Getting Started With Web Application Security

February 23, 2016  | Intro to AppSec

Companies are producing more applications today than ever before, and with this increased production comes increased risk. Many enterprises recognize the need for application security but aren’t making it a priority. This is usually because application security is mistakenly seen as an overly complex and expensive endeavor. What those responsible for securing the applications at...

Why Ignoring Development and Security Teams Undermines Application Security

February 11, 2016  | Managing AppSec

In an era of increasingly sophisticated data hacks and attacks, there's a critical need to move beyond protecting your business’s perimeter. To thoroughly safeguard your organization, your enterprise must adopt an approach that addresses systems and software throughout their lifecycles. A key piece of this strategic approach? Application security. According...

Quick Wins: Get Defensive About App Security

February 8, 2016  | Managing AppSec

Application security differs from other forms of security in the number of people it affects. Unlike installing a firewall or anti-virus software, an application security program will affect the everyday routines of many employees in many departments throughout your organization. And you need those employees to buy in to the goals and policies of your program for it to succeed. Want a good way to...

6 Tips for Turning Developers Into AppSec Allies

January 14, 2016

The development team can be the biggest barrier to the success of your application security (AppSec) program. If this team does not follow the protocol outlined in your program plan, you will be unable to demonstrate the value of your program, and it could stall before getting started. Background Security and development often seem to have competing priorities – delivering code on time vs....

3 Ways to Get Your Development Team on Board with Application Security

January 13, 2016  | Managing AppSec | Secure Development

Protecting enterprise data and assets is a daunting task. According to IT industry organization ISACA, 82 percent of respondents to an April 2015 survey indicated that their enterprise is now "likely" or "very likely" to be attacked — only 1 percent said it's "not at all likely." Meanwhile, the average annual...

Presenting "Application Security Fallacies and Realities"

December 16, 2015  | Intro to AppSec

When it comes to answering the questions "What is application security?" and "How does it work?", misunderstandings abound. Why is application security so misunderstood? Perhaps it’s because vulnerabilities are an abstract concept that hasn’t been explored in depth in the media or in software development coursework. Perhaps it’s because for years, network security and endpoint...

IT Security Best Practices: 4 Benefits of Continual Testing

February 9, 2015

If you've reviewed Veracode's case study, you know it revolves around a large financial services firm that approached Veracode for help with an upcoming PCI audit. Though the firm initially requested assistance with this specific security need, it became clear that true compliance in any field requires far more than a single engagement. As IT security best practices dictate, security must...
