Managing AppSec

When your application security program is up and running, you need best-practice advice on managing and growing the program. Our security experts will guide you through important steps like measuring the success of your program or expanding it to cover more of the application landscape.

Give Developers Training That Actually Helps

Developer training that helps.

Do you have a security education program for your developers? I hope so. Although developers are certainly capable of writing quality, secure code, most were never trained in security. They just don't know what they don't know. When I was actively developing enterprise software, I would visit the bookstore to purchase books on the technologies that I was using. These books were hundreds... READ MORE

What Does an Advanced Application Security Program Look Like?

sciccone's picture
By Suzanne Ciccone March 23, 2017  | Managing AppSec
an advanced application security program

This is the fourth and final entry in a blog series that looks at each stage of an application security program’s maturity and outlines your next steps as you move toward an advanced program. We typically see organizations fall within one of these four stages of application security: Reactive Baseline Expanded Advanced So, what does it look like when you reach the advanced stage? Based on... READ MORE

Your Next Steps if Your AppSec Program Is in the Expanded Stage

sciccone's picture
By Suzanne Ciccone March 16, 2017  | Managing AppSec
Expanded application security program

This is the third entry in a blog series that looks at each stage of an application security program’s maturity and outlines your next steps as you move toward an advanced program. We typically see organizations fall within one of these four stages of application security: Reactive Baseline Expanded (you're here!) Advanced If you are in the expanded application security stage, you... READ MORE

Beyond the Quadrant 2017

jlavery's picture
By Jessica Lavery March 15, 2017  | Managing AppSec
Beyond the magic quadrant - application security testing in 2017 and beyond.

This year’s Gartner Magic Quadrant for Application Security Testing₁ has published, and while many people read the report for the vendor assessments, the authors offered some insight into the overall application security market. In the report, first time AST Magic Quadrant authors Dionisio Zumerle and Ayal Tirosh commented that the “security testing is growing faster than any other... READ MORE

Lessons Learned Building an Application Security Team

cdomoney's picture
By Colin Domoney March 14, 2017  | Managing AppSec
Building an application security team.

In 2012, I joined a large investment bank in London to start and grow its application security programme from the ground up. My initial focus was on the selection of the best tool for the job; namely, a static code analysis scanner that could be deployed easily, and scale widely. Within a few months, I had access to the Veracode Application Security Platform, and I was ready to start scanning my... READ MORE

A Few of My Lessons Learned Building an AppSec Program

cdomoney's picture
By Colin Domoney March 13, 2017  | Managing AppSec

I recently joined Veracode after spending five years building an application security program from the ground up at a global investment bank. This experience gives me a unique perspective on the struggles and hurdles our customers are facing, and puts me in a position to share my lessons learned and provide helpful information and advice for those starting or managing a growing application... READ MORE

Your Next Steps if Your AppSec Program Is in the Baseline Stage

sciccone's picture
By Suzanne Ciccone March 9, 2017  | Managing AppSec

This is the second entry in a blog series that looks at each stage of an application security program’s maturity and outlines what the next steps are to move toward an advanced program. We typically see organizations fall within one of these four stages of application security: Reactive Baseline (you're here!) Expanded Advanced If you are in the baseline application security stage,... READ MORE

Technologies Designed or Transformed for DevSecOps-Enablement

jfeiman's picture
By Joseph Feiman March 8, 2017  | Managing AppSec
DevSecOps-Enablement Technologies

As we outlined in a previous blog post, if we are to choose ideal technologies for DevOps, they should be the ones that are: 1) invisible to Dev and Ops teams, 2) do not require learning by Dev and Ops, 3) run practically by themselves, without Dev and Ops interference, 4) continuously test applications in increments, 5) not only detect vulnerabilities, but also protect applications against... READ MORE

Managing Flaw Review with a Large Multi-Vendor Application

cdomoney's picture
By Colin Domoney March 2, 2017  | Managing AppSec

The previous blog post in this series discussed strategies for the large-scale deployment of the Veracode static code analysis tool across a large enterprise, focusing on strategies and techniques for ensuring rapid adoption within individual development teams typically responsible for self-contained homogenous applications. However, in a large enterprise, there are applications that are... READ MORE

How to Run a Successful Proof of Value for an Application Security Programme

cdomoney's picture
By Colin Domoney March 1, 2017  | Managing AppSec

So you’ve got upper management buy-in for your application security proof of value and are ready to start scanning applications: how do you make sure your proof of value (PoV) is a success and that you demonstrate the need to progress to a full-scale program? This article describes some of the lessons learned at the start of our large-scale deployment of Veracode within our organisation.... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu