Managing AppSec

When your application security program is up and running, you need best-practice advice on managing and growing the program. Our security experts will guide you through important steps like measuring the success of your program or expanding it to cover more of the application landscape.

You’ve Got Smoke Detectors in the House, but I Bet You Still Don’t Store Gasoline in the Living Room

By Brian Fitzgerald May 15, 2017 | Managing AppSec
the dangers of focusing only on detection in application security

“Detection and response” is the new approach to information security being championed by some of the leading analyst firms today. The theory is that, since we have failed to keep attackers from getting inside our networks, we’re better served getting tools that detect them once they are in, and help chase them back out again before they can do real harm. Nice idea, but completely wrong-headed....

Before You Outsource Code Development – Think About the Security Implications

By Suzanne Ciccone May 11, 2017 | Managing AppSec

Police in the Netherlands recently contacted more than 20,000 people who they suspect had their personal data stolen by a malicious web developer. This developer had built “backdoors” into applications he created for various businesses as a contractor. With the information he stole, it is alleged that he made online purchases, opened gambling accounts and impersonated victims' family members....

Development and Security Have Different Perspectives on Open Source Components

By Colin Domoney May 9, 2017 | Managing AppSec
security and dev have differing opinions on open source components

Open source components are a blessing and a curse. From a developer’s perspective, they’re a no-cost way to speed the development process. But they can be a curse security-wise. Many open source components contain vulnerabilities that put the organization at risk of getting breached and failing compliance audits. In fact, recent Veracode research looked at all the Java applications we scanned in...

Regulations Surrounding Third-Party Software Security Are Increasing – How to Stay Compliant

By Suzanne Ciccone May 4, 2017 | Managing AppSec
security regulations surrounding third-party software

Developers are increasingly being pushed to create more code faster. As the speed of development increases, it becomes less feasible to create every application from scratch. In turn, the reliance on third-party applications and code increases as well. But this “short cut” comes with risk. Third-party applications and open source components frequently contain vulnerabilities, leaving...

HipChat Breach Shows Dangers of Slacking on Security of Third-Party Components

HipChat Breached

This week, HipChat advised customers that one of its databases was breached by attackers who exploited a vulnerable third-party library used on HipChat.com. HipChat, owned by Atlassian, said that the compromised database stored customer usernames, email addresses, hashed passwords, and room metadata such as room name and topic. HipChat’s fast action to force a reset of all HipChat passwords...

Give Developers Training That Actually Helps

Developer training that helps.

Do you have a security education program for your developers? I hope so. Although developers are certainly capable of writing quality, secure code, most were never trained in security. They just don't know what they don't know. When I was actively developing enterprise software, I would visit the bookstore to purchase books on the technologies that I was using. These books were hundreds...

What Does an Advanced Application Security Program Look Like?

By Suzanne Ciccone March 23, 2017 | Managing AppSec
an advanced application security program

This is the fourth and final entry in a blog series that looks at each stage of an application security program’s maturity and outlines your next steps as you move toward an advanced program. We typically see organizations fall within one of these four stages of application security: Reactive, Baseline, Expanded, Advanced. So, what does it look like when you reach the advanced stage? Based on...

Your Next Steps if Your AppSec Program Is in the Expanded Stage

By Suzanne Ciccone March 16, 2017 | Managing AppSec
Expanded application security program

This is the third entry in a blog series that looks at each stage of an application security program’s maturity and outlines your next steps as you move toward an advanced program. We typically see organizations fall within one of these four stages of application security: Reactive, Baseline, Expanded (you're here!), Advanced. If you are in the expanded application security stage, you...

Beyond the Quadrant 2017

By Jessica Lavery March 15, 2017 | Managing AppSec
Beyond the magic quadrant - application security testing in 2017 and beyond.

This year’s Gartner Magic Quadrant for Application Security Testing₁ has published, and while many people read the report for the vendor assessments, the authors offered some insight into the overall application security market. In the report, first time AST Magic Quadrant authors Dionisio Zumerle and Ayal Tirosh commented that the “security testing is growing faster than any other...

Lessons Learned Building an Application Security Team

By Colin Domoney March 14, 2017 | Managing AppSec
Building an application security team.

In 2012, I joined a large investment bank in London to start and grow its application security programme from the ground up. My initial focus was on the selection of the best tool for the job; namely, a static code analysis scanner that could be deployed easily, and scale widely. Within a few months, I had access to the Veracode Application Security Platform, and I was ready to start scanning my...
