Intro to AppSec

For those new to application security, we cover the application security basics and answer questions such as what is application security, why it's important, how it fits in the security ecosystem and how to get started.

To Effectively Secure the Perimeter, Knowing Where Your Apps Stand and Using Automation Is Essential

By Evan Wade August 10, 2015  | Intro to AppSec

In the software world, a lot of problems comprise two segments: the why, and the how. Usually, it's the how that gets results. Take the increasingly important practice of perimeter management. Sure, we all know why it's important to secure the perimeter, so to speak, by keeping our sites, apps and so on locked down, but knowing how to keep them airtight is what really matters. So, what...

Internal Security Begins With Smart Policies

By Shawn Drew August 6, 2015  | Intro to AppSec

External threats seem to be getting all the attention in InfoSec these days, but they only represent one aspect of the overall threat every enterprise faces. Internal threats can be just as damaging and much more difficult to detect — which means every CISO has to consider internal security when designing an overall plan for his or her business. While there are a number of positive steps to...

The New SDLC: Test Early, Test Often, Test Everything

By Doug Bonderud February 4, 2015  | Intro to AppSec

It is six times as expensive to fix an app vulnerability in production as to fix one in development, according to a recent Veracode webinar. This shouldn't come as a surprise: developers test for functional and performance bugs early in the Software Development Life Cycle (SDLC). So it makes sense that people producing code are doing security testing early, they're testing often...

Prevent Web Application Vulnerabilities by Testing Early

By Evan Wade November 14, 2014  | Intro to AppSec

An exploit is not an exploit is not an exploit. Though many abusable web application vulnerabilities ostensibly come with the same goal in mind — namely, letting malicious jerks access all sorts of sensitive data — the various roads they take to reach that end are nearly as wide and varied as the types of software they attack. Here's a look at three well-known web application...

A Guide to Static Testing of Web Apps: No Running Required

By Shawn Drew September 23, 2014  | Intro to AppSec

In the modern, fast-paced world of Agile software development, where an organization may have new or updated web apps released every few days or weeks, application security scans are sometimes delayed until the last part of the quality assurance (QA) phase. However, even if developers are versed in secure architectural design and threat modeling, security...

Static Testing vs. Dynamic Testing

By Neil DuPaul December 3, 2013  | Intro to AppSec

Updated: 7/18/2017 With reports of website vulnerabilities and data breaches regularly featuring in the news, securing the software development life cycle (SDLC) has never been so important. The enterprise must, therefore, choose carefully the correct security techniques to implement. Static and dynamic analyses are two of the most popular types of code security tests. Before implementation...

The Appsec Program Maturity Curve 2 of 4

By Michael Teeling November 8, 2013  | Intro to AppSec

Program Levels 1 to 2 – from Ad-Hoc to Blueprint

This is post two in a series on the Application Program Maturity Curve; you can read the first post of this series here. As we've discussed, the program maturity model for Application Security has six levels. You should be able to recognize at which stage of the curve your particular organization is. The easiest one to recognize is an...

OWASP Top Ten 2013

By Neil DuPaul September 18, 2013  | Intro to AppSec

The Open Web Application Security Project (OWASP) was started in 2001 with the avowed mission of 'making software security visible, so that individuals and organizations worldwide can make informed discussions about true software risks.' Since then OWASP's influence has grown to the point that their Top 10 project is referenced by many standards, books, tools, and organizations...

The Real Cost of a Data Breach Infographic

By Neil DuPaul July 26, 2013  | Intro to AppSec

What happens when you let your application security posture go unchecked? Data breaches happen and with every breach comes a cost. As we've just witnessed in recent headlines regarding the five Eastern European computer programmers that went on a seven year hacking spree, this cost can be quite high with damages estimated to exceed $300 million. The indicted hackers gained access to the...

Hacking the Mind: How & Why Social Engineering Works

By Neil DuPaul March 6, 2013  | 6

Watch a recreation of the phone call that won the 2017 DEFCON Social Engineering CTF! Social engineering: the hack that requires no knowledge of code. Despite its relative simplicity the risks associated with social engineering are just as serious as the numerous hacks that have populated recent headlines. For everyday citizens awareness of social engineering scams and the methods they use that...
