Managing AppSec

When your application security program is up and running, you need best-practice advice on managing and growing the program. Our security experts will guide you through important steps like measuring the success of your program or expanding it to cover more of the application landscape.

Security at DevOps Speed: How CA Veracode Reduces False Positives

jjanego's picture
By Jon Janego November 27, 2017
How CA Veracode ensures accurate AppSec testing results

Application security solutions that slow or stall the development process simply aren’t feasible in a DevOps world. AppSec will increasingly need to fit as seamlessly as possible into developer processes, or it will be under-used or overlooked. But overlooking AppSec puts your organization at high risk of a damaging breach. Our most recent State of Software Security report (which is based on our... READ MORE

Not All Vulnerabilities Are Created Equal

ppourmousa's picture
By Pejman Pourmousa November 15, 2017  | Managing AppSec
Prioritize which software vulnerabilities to fix first

You wouldn’t be very effective if you didn’t prioritize your to-do list. Treating “prep for board meeting tomorrow” and “organize in-box” with the same level of urgency would slow you down at best, seriously impact your job performance at worst. Similarly, neglecting to prioritize your application security “to-do list” will slow your progress, or prevent it altogether. Even the best application... READ MORE

Will PCI Evolve Alongside Software Development Trends?

boshea's picture
By Brittany O'Shea November 13, 2017  | Managing AppSec
News from PCI Community Meeting

This week, I caught up with Joseph Feiman, Veracode’s Chief Innovation Officer and former Gartner analyst of 18 years, to discuss some of his key takeaways from the PCI Europe Community Meeting, which took place in Barcelona on October 24-26th. The three-day international seminar gathered community figures and merchants and members of the Council to share updates and insights on current trends... READ MORE

Application Security Policy: Might Need to Revisit as DevOps Emerges

ppourmousa's picture
By Pejman Pourmousa November 6, 2017  | Managing AppSec
AppSec policies need to adjust to a DevOps world

I’ve worked in program management at Veracode for the past six years, and during that time, I have seen a lot of different approaches to deploying AppSec policies. Typically, the security team (CISO/CIO led) deploys an AppSec policy that applies to developers and engineers. However, with the rapid change in the ways software is developed and released, most of the security policies that were... READ MORE

How CA Veracode Products Secure the Coding Stage

sciccone's picture
By Suzanne Ciccone November 2, 2017  | Managing AppSec
How CA Veracode products fit in the dev stage

This is the first in a series of blogs on how CA Veracode products fit into each stage of the software lifecycle – from development to production. We want to emphasize lifecycle here, because we continue to hear the misconception that application security falls squarely and solely into the testing stage. In our 10+ years helping organizations secure their applications, we’ve learned that... READ MORE

How to Connect With AppSec and Developer Peers in the Veracode Community

jzorabedian's picture
By John Zorabedian October 31, 2017  | Managing AppSec
Reasons to Join the Veracode Community

Security professionals and developers have different roles, responsibilities, and skills, but a common goal in securing applications. Yet there aren't many places to connect with peers, who are among your best resources for solving AppSec and DevSecOps challenges. That's why we created the Veracode Community. The Veracode Community is a destination for developers and AppSec professionals to share... READ MORE

Podcast: Would A National Data Breach Disclosure Law Create Clarity or Confusion?

lpaine's picture
By Laura Paine October 20, 2017  | Security News

WannaCry and Petya, among other high-profile breaches, have sparked new conversations at CA Veracode around the potential value of cybersecurity and data breach disclosure legislation. Certainly, data breach disclosure requirements are popping up in just about every state, not to mention global standards, such as GDPR. Although they all insist on timely disclosures, their requirements, rules and... READ MORE

Podcast: What the Apache Struts 2 and the Irish Potato Famine Have in Common

sciccone's picture
By Suzanne Ciccone September 28, 2017  | Managing AppSec
Apache Struts 2

More than you might think. Just as the reliance on a single species of vulnerable-to-blight potato created widespread devastation in 1800s Ireland, today’s reliance on vulnerable components creates a similar ripple effect. In both cases, compromise of a single vulnerability spread its consequences widely and rapidly. The Potato Famine’s consequences were obviously more devastating, but although... READ MORE

Will Websites Be the Next Target of Ransomware Attacks?

cdomoney's picture
By Colin Domoney September 28, 2017  | Managing AppSec
Will websites be the next ransomware target?

Recent research by Wordfence indicates that Wordpress might be the next big ransomware target. Wordfence found that certain Wordpress plugins exhibit malicious behaviour in the form of ransomware against the host website. Typically, these plugins will encrypt the data on the website, thereby rendering it non-functional, and then attempt to extort payment from the owner in order to decrypt the... READ MORE

Introducing the New Veracode Community

amay's picture
By Asha May September 26, 2017  | Managing AppSec
Veracode Community

We’re excited to announce the public launch of our new Veracode Community – a central destination for developers and security professionals to exchange best practices, and discuss trends in AppSec and secure development. As businesses continue to increase their reliance on software, you’re feeling pressure for faster version releases, while simultaneously reducing the risk of a breach. The... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu