Intro to AppSec

For those new to application security, we cover the application security basics and answer questions such as what is application security, why it's important, how it fits in the security ecosystem and how to get started.

Why Data Breaches Still Happen

By Pete Herzog October 3, 2016  | Intro to AppSec
Why there are still breaches explained with a dam metaphor.

Video Transcript: All this is a dam and it's my metaphor for security. Sure, it's a bit overused and simplistic, so work with me. A dam is used for more than just pooling water or preventing flooding, it's also used to reclaim land, provide a fresh water supply, generate electricity, just like business level security is more than just preventing against attacks or protecting assets. It... READ MORE

Why DevOps Is Not DevSecOps

By Joseph Feiman August 25, 2016  | Intro to AppSec

The IT industry has long welcomed DevSecOps, yet it is still poorly adopted. Gartner tellingly defines its status as: “Trough of Disillusionment.” What is inhibiting adoption? For the answer, look at its definition, and you will sense something odd. It is defined as a set of processes, people, methods, models, policies, culture, recipes, blueprints and templates.  This list... READ MORE

Top 4 Reasons Why Application Security Should Be Your Focus

By Suzanne Ciccone August 16, 2016  | Intro to AppSec

We live in a software-driven world – it’s how organizations in every industry interact with customers, prospects and partners. But information security has not kept pace with this shift, and traditional defenses are proving inadequate in this environment. As users and applications become the risk focal point, there is no hard and fast perimeter security professionals can put a wall... READ MORE

You’ve Tested the AppSec Waters: Now It’s Time to Take the Plunge

By Suzanne Ciccone August 11, 2016  | Intro to AppSec

You’ve dipped your toes into the AppSec waters, but now it’s time to wade in a little further. Many organizations understand application security is important, and maybe they’ve done some scanning or pen testing of a handful of apps. But many are also unsure what comes next, or even if anything needs to come next. The reality is that Web application attacks are now the most... READ MORE

You Can’t Keep Up With the Security Demand

By Suzanne Ciccone July 12, 2016  | Intro to AppSec

Developers are cranking out code faster than ever, and the threat landscape is growing and changing at an equally fast pace – all while the number of skilled security professionals is at an all-time low. If your application security strategy is to test code after it’s completed, then scramble to fix whatever’s broken, or worse, patch vulnerabilities in code as you hear about... READ MORE

Staying Ahead of Hidden Vulnerabilities in Your System

By Sue Poremba June 29, 2016  | Intro to AppSec

It’s been two years since the Heartbleed vulnerability made news, had companies scrambling for a fix, and sent computer users into a panic. It’s been a while since there has been a vulnerability of that magnitude to create headlines, but it doesn’t mean that vulnerabilities aren’t hiding in the software we use every day. Just this week alone, vulnerabilities have been... READ MORE

Why Firewalls Aren’t Your Only Friend

By David Strom June 21, 2016  | Intro to AppSec

Firewalls have been protecting networks for decades, and many of us can’t remember life before them. But they aren’t your only friends, and these days just having a firewall isn’t enough to keep the bad guys from penetrating your network. While they are a good first step, you need to start thinking beyond firewalls to keep your infrastructure secure. What is really required is... READ MORE

How to Earn a Reputation as a Unicorn

By Anne Nielsen June 7, 2016  | Intro to AppSec

You have a great idea for a new product – what could possibly go wrong? One of my favorite games in business[1] is to have a pre-mortem wherein you imagine that you are a year older and wiser and whatever it is you are working on right now fails miserably. I mean, spectacularly – we are talking This game plays into my hyperbolic nature, but also is useful in... READ MORE

What is Benchmarking?

By Helena Campbell May 31, 2016  | Intro to AppSec

If you type ‘Benchmarking’ into Google, the top definition is “evaluating something by comparison with a standard”. Seems simple enough, but the bigger question here is – who sets that standard? In the past, we may have looked to the big enterprise size companies, however breaches such as; Talk Talk, and Target show us that it’s easy to see that even the... READ MORE

Top 3 Reasons Why Neglecting Application Security Is Risky Business

By Suzanne Ciccone May 10, 2016  | Intro to AppSec

Vtech, TalkTalk, OPM, Premera … you’ve seen the headlines about all the destructive breaches in 2015. Want to avoid the same fate? The best way to reduce your risk of a breach is to implement an application security program. Most organizations have sufficiently secured the network and hardware layers, but have yet to focus their attentions, or budgets, on the security of the... READ MORE
