Managing AppSec

When your application security program is up and running, you need best-practice advice on managing and growing the program. Our security experts will guide you through important steps like measuring the success of your program or expanding it to cover more of the application landscape.

Don't Be AppSec 'Helicopter Parents'

By Suzanne Ciccone August 17, 2017  | Managing AppSec
Security's role shifts in a DevSecOps world

Roles shifting can be disconcerting. Having a clear role and understanding your responsibilities and tasks is comforting. But getting too comfortable can be dangerous. Take parenting for example. Parents wouldn’t be doing their kids any favors by continuing to feed and dress them as if they were 4 when they’re 10. As children age, they start to do these basic tasks on their own, and the parent...

Best Practices for Complying with Emerging Application Security Regulations

By Tim Jarrett August 14, 2017  | Managing AppSec
best practices for managing appsec regulations

In a previous blog post, we discussed how the proliferation of data breaches has caught the attention of regulators, which are increasingly focused on cybersecurity and application security. Case in point: Two recent major regulations – the EU Global Data Protection Regulation (EU GDPR) and NY State Department of Financial Services (NY DFS) Cybersecurity Regulations – are unprecedented in their...

What Do Microservices Mean for AppSec?

By Brian Pitta August 7, 2017  | Managing AppSec
microservices are like tapas vs. a traditional meal -- how this shift will affect AppSec

I am not a fan of tapas. I’ll take the 22-oz. bone-in ribeye over small plates any day. My wife is the opposite; she loves them. With more tapas bars opening and existing restaurants adopting a “small plate” menu, I find myself losing the battle of steakhouse vs. tapas quite often. After several meals (if that’s what you call them), I will admit I’ve started to see some of the appeal: pick what...

5 Ways Veracode Helps You Remediate Flaws

Veracode helps you remediate flaws

As important as application security testing is, it's really just the first step in a continuous process to identify and fix flaws. And, depending on your application, you may have hundreds of flaws which require remediation. Some of the most common questions I hear when consulting with customers, particularly new customers, are, “how can I make sure I’m remediating the flaws I find,” followed by...

Security Needs to Shift Left – and Right

By Suzanne Ciccone July 25, 2017  | Managing AppSec
Shift security both left and right

The move to Agile and DevSecOps development processes has fostered a lot of attention on the need to shift security testing left in the development cycle. And this is absolutely a pivot in the right direction. Moving security testing into the realm of the developer makes security testing faster, easier, more effective and less expensive. However, it’s important not to lose sight of the fact that...

Podcast: What Our New Survey Reveals About the AppDev/Sec Relationship

By Suzanne Ciccone July 21, 2017  | Managing AppSec
AppSec in Review Episode 7

Veracode recently partnered with ESG to conduct a survey of 400 IT, cybersecurity and developer professionals regarding their take on the benefits of AppSec for contemporary software development and deployment. The survey results revealed some positive trends, including the fact that many developers are focusing on security for security’s sake, rather than solely to meet compliance requirements....

Answers to the Top 10 Customer FAQs

Veracode Customer FAQs

At Veracode, we work hard to support our customers in meeting the goals of your application security program. As a Manager of Customer Success Management (CSM), I work with our CSMs to help hundreds of customers beginning their journey to a mature AppSec program, and many who are just starting out with Veracode. Veracode Services and Support Teams hear a lot of the same questions from numerous...

Best Practices for the Adoption of Open Source Software

By Colin Domoney May 26, 2017  | Managing AppSec
best practices for open source component use

In a previous blog post, I discussed the differing perspectives security and development teams have about the use of open source components. Taking these perspectives into account, what is the best way to enable the use of open source components in your organization? Forbidding their use entirely is not a viable option and, in fact, would be detrimental to both developers and the organization as...

You’ve Got Smoke Detectors in the House, but I Bet You Still Don’t Store Gasoline in the Living Room

By Brian Fitzgerald May 15, 2017  | Managing AppSec
the dangers of focusing only on detection in application security

“Detection and response” is the new approach to information security being championed by some of the leading analyst firms today. The theory is that, since we have failed to keep attackers from getting inside our networks, we’re better served getting tools that detect them once they are in, and help chase them back out again before they can do real harm. Nice idea, but completely wrong-headed....

Before You Outsource Code Development – Think About the Security Implications

By Suzanne Ciccone May 11, 2017  | Managing AppSec

Police in the Netherlands recently contacted more than 20,000 people who they suspect had their personal data stolen by a malicious web developer. This developer had built “backdoors” into applications he created for various businesses as a contractor. With the information he stole, it is alleged that he made online purchases, opened gambling accounts and impersonated victims' family members....
