Managing AppSec

When your application security program is up and running, you need best-practice advice on managing and growing the program. Our security experts will guide you through important steps like measuring the success of your program or expanding it to cover more of the application landscape.

Your Next Steps if Your AppSec Program Is in the Reactive Stage

By Suzanne Ciccone February 23, 2017  | Managing AppSec
Reactive application security programs should follow these steps.

This is the first blog in a series that will look at each stage of an application security program’s maturity and outline what the next steps are to move toward an advanced program. We typically see organizations fall within one of these four stages of application security: Reactive, Baseline, Expanded, Advanced. If you are in the first stage and taking a reactive approach to application...

A Veracode Program Manager’s Perspective: Our Programmatic Approach to Application Security

By Griff James February 21, 2017  | Managing AppSec

Undeniably, the best way to get secure software is to develop secure software. And the emerging DevSecOps trend – the integration of development, security and operations – facilitates this process. The ideal application security program today would involve a DevOps process with security integrated automatically from development to production. However, most companies aren...

How important is it to stay on top of the quickly evolving landscape of application security and application layer risk?

By Suzanne Ciccone February 9, 2017  | Managing AppSec

In a word, very. You simply cannot secure your application layer without being one step ahead of application security threats and solutions. The problem is that it’s almost impossible to keep up in the face of the current security skills shortage. In a report titled, “Hackers Wanted: An Examination of the Cybersecurity Labor Market,” the RAND Corporation states that: “It...

My Advice to Software Vendors: Answer Security Questions Before Your Customers Start Asking

By Christine Hausammann January 27, 2017  | Managing AppSec
Answer Security Questions Before Your Customers Start Asking

Companies that sell software for a living are gradually facing more and more pressure to cough up proof of security for their products. Working on the business development team at Veracode, I’ve seen this tidal wave growing, and my best advice to software vendors is to be proactive. If you learn what to expect and how to answer different attestation requests, you’ll be ahead of many...

Introducing Automated AppSec Consultation Scheduling

By Anne Nielsen January 27, 2017  | Managing AppSec
Automated read-out call scheduling is now available!

Simplifying the process of getting Veracode’s help fixing security findings. Veracode provides security experts on-demand to help developers make sense of the findings resulting from a security analysis – SAST, DAST, etc. These experts give developers context on Veracode’s scan results and provide advice on appropriate actions that would resolve the findings, either through a...

What’s the Worst That Can Happen? The Cost of a “Wait and See” AppSec Plan

By Suzanne Ciccone January 10, 2017  | Managing AppSec

In a previous blog post, we talked about the cost of a “do nothing” AppSec plan. In that blog post, we pointed out that ignoring application security can be a costly move. Why? Because your chance of a breach is very high, and so is the cost incurred from most breaches. In addition, you could now face regulatory fines by ignoring application security. But a “wait and see”...

The Five Parts of Third-Party Application Security

By Griff James January 5, 2017  | Managing AppSec

Third-party application security assurance is an essential part of a mature IT security program. While it’s true that every company today is a software company, the majority of applications within an enterprise’s application portfolio will be developed by third parties – often as off-the-shelf products. A study by Quocirca found that the average enterprise has roughly 600...

Can You Defend Your AppSec Program? Be Ready to Answer These Questions

By John Zorabedian January 3, 2017  | Managing AppSec

Every AppSec manager needs to work with stakeholders across the organization, from the CISO to development, and departments making their own decisions about buying the software they depend on to do their jobs. If you want to earn buy-in for your AppSec program, you’ll have to be responsive to different concerns for each type of stakeholder. To help you, we offer this list of questions you...

Airbags and AppSec: Changing the Mindset on Software Security

By Chris Wysopal December 13, 2016  | Managing AppSec
Seat belts and AppSec: will software security ever become a requirement?

In the early 1960s, cars were unsafe. And the car industry’s attitude was: cars are just unsafe, and that’s the risk you take. But then the public started calling attention to the issue (with some help from Ralph Nader), refusing to simply accept that risk, and things started changing. Regulations emerged, car manufacturers started building security in, and we now have seatbelts,...

Developers' Holiday Wish List: Make Yourself More Popular Than Santa

By Amanda McGuinness December 8, 2016  | Managing AppSec
Developer gifts from security

With the holidays fast approaching, you are probably starting to think about what gifts to get for your family, friends and colleagues. This can be a daunting task – especially if the only answer you get to gift queries is "Oh, I don't really want anything" or "You don’t have to get me anything!" – even though they really do. (P.S., you’re all getting candles...
