Managing AppSec

When your application security program is up and running, you need best-practice advice on managing and growing the program. Our security experts will guide you through important steps like measuring the success of your program or expanding it to cover more of the application landscape.

Strategies for Rapid Adoption of a Security Programme Within a Large Enterprise

By Colin Domoney March 1, 2017  | Managing AppSec

A large-scale deployment of the CA Veracode static code analysis platform across a large enterprise presents a number of unique challenges, such as understanding your application estate, prioritising your applications for scanning, and communicating with your application owners. This blog post provides some guidance based on my experience of delivering several hundred scanned applications in a 14... READ MORE

Critical Capabilities that DevSecOps Technologies Should Demonstrate

By Joseph Feiman February 28, 2017  | Managing AppSec

As we outlined in a previous blog post, security technologies, in order to fit DevOps and other agile development processes, should be at the fingertips of Dev and Ops professionals. Yet, neither group is necessarily proficient in security, security is not their priority, and security tools are often unintuitive to people outside the security industry. Cloud-based application security services (... READ MORE

Your Next Steps if Your AppSec Program Is in the Reactive Stage

By Suzanne Ciccone February 23, 2017  | Managing AppSec
Reactive application security programs should follow these steps.

This is the first blog in a series that will look at each stage of an application security program’s maturity and outline what the next steps are to move toward an advanced program. We typically see organizations fall within one of these four stages of application security: Reactive (you're here!), Baseline, Expanded, and Advanced. If you are in the first stage and taking a reactive approach... READ MORE

How important is it to stay on top of the quickly evolving landscape of application security and application layer risk?

By Suzanne Ciccone February 9, 2017  | Managing AppSec

In a word, very. You simply cannot secure your application layer without being one step ahead of application security threats and solutions. The problem is that it’s almost impossible to keep up in the face of the current security skills shortage. In a report titled, “Hackers Wanted: An Examination of the Cybersecurity Labor Market,” the RAND Corporation states that: “It... READ MORE

My Advice to Software Vendors: Answer Security Questions Before Your Customers Start Asking

By Christine Hausammann January 27, 2017  | Managing AppSec
Answer Security Questions Before Your Customers Start Asking

Companies that sell software for a living are gradually facing more and more pressure to cough up proof of security for their products. Working on the business development team at CA Veracode, I’ve seen this tidal wave growing, and my best advice to software vendors is to be proactive. If you learn what to expect and how to answer different attestation requests, you’ll be ahead of... READ MORE

Introducing Automated AppSec Consultation Scheduling

By Anne Nielsen January 27, 2017  | Managing AppSec
Automated read-out call scheduling is now available!

Simplifying the process of getting CA Veracode’s help fixing security findings

CA Veracode provides security experts on-demand to help developers make sense of the findings resulting from a security analysis (SAST, DAST, etc.). These experts give developers context on CA Veracode’s scan results and provide advice on appropriate actions that would resolve the findings, either... READ MORE

What’s the Worst That Can Happen? The Cost of a “Wait and See” AppSec Plan

By Suzanne Ciccone January 10, 2017  | Managing AppSec

In a previous blog post, we talked about the cost of a “do nothing” AppSec plan. In that blog post, we pointed out that ignoring application security can be a costly move. Why? Because your chance of a breach is very high, and so is the cost incurred from most breaches. In addition, you could now face regulatory fines by ignoring application security. But a “wait and see” AppSec plan is also a... READ MORE

The Five Parts of Third-Party Application Security

By Griff James January 5, 2017  | Managing AppSec

Third-party application security assurance is an essential part of a mature IT security program. While it’s true that every company today is a software company, the majority of applications within an enterprise’s application portfolio will be developed by third parties, often as off-the-shelf products. A study by Quocirca found that the average enterprise has roughly 600... READ MORE

Can You Defend Your AppSec Program? Be Ready to Answer These Questions

By John Zorabedian January 3, 2017  | Managing AppSec

Every AppSec manager needs to work with stakeholders across the organization, from the CISO to development, and departments making their own decisions about buying the software they depend on to do their jobs. If you want to earn buy-in for your AppSec program, you’ll have to be responsive to different concerns for each type of stakeholder. To help you, we offer this list of questions you... READ MORE

Airbags and AppSec: Changing the Mindset on Software Security

By Chris Wysopal December 13, 2016  | Managing AppSec
Seat belts and appsec, will software security ever become a requirement?

In the early 1960s, cars were unsafe. And the car industry’s attitude was: cars are just unsafe, and that’s the risk you take. But then the public started calling attention to the issue (with some help from Ralph Nader), refusing to simply accept that risk, and things started changing. Regulations emerged, car manufacturers started building security in, and we now have seatbelts,... READ MORE
