Managing AppSec

When your application security program is up and running, you need best-practice advice on managing and growing the program. Our security experts will guide you through important steps like measuring the success of your program or expanding it to cover more of the application landscape.

Embracing Security Analytics and Automation: The Scalability of Security

By Evan Wade August 24, 2015  | Managing AppSec

Depending on your role within an organization, metrics and security analytics can be invaluable benchmarking tools. They can provide ways to improve performance (personal or organizational), as well as paths to more busywork. But whatever you think about them, it's a given that you work with them daily. The statement holds true no matter the size of your company. Tiny companies and... READ MORE

Are CISOs Spending Too Much Time Focusing on Technology?

By Jessica Lavery August 21, 2015  | Managing AppSec

Following the onslaught of high-profile cyberattacks reported in the past 12 to 18 months, cybersecurity has become a more frequent topic in board-level conversations. This has created a need for CISOs to better understand board member perceptions and become more effective at communicating their cybersecurity strategies. However, a new study from Deloitte's CISO Transition Lab found CISOs... READ MORE

Breaking Down HIPAA, PCI DSS and Third-Party Risk Management

By Evan Wade August 17, 2015  | Managing AppSec

If a problem or process is best served by its own named department, chances are it's pretty important. Take compliance. While your company may or may not employ its own dedicated team of industry regulation experts, there's a good chance some product you build or service you offer brushes up against a set of outside rules — and if not, that the code or infrastructure you hire a... READ MORE

Automating Your Veracode Security Scans

By Neil DuPaul August 13, 2015  | Managing AppSec
Automate security scans in your software development lifecycle, SDLC.

How Can I Save Time With Veracode Security Scans? At On-Line Strategies [OLS], many of the tools we use in our Software Development Lifecycle (SDLC) have helpful APIs, including Veracode. We leverage them to automate tasks that were once performed manually by developers or technical managers, such as running a Veracode static scan on a pending release. Today, our Veracode static scans run... READ MORE

The Scalability Challenge, Part Three: Web App Development and Securing the Perimeter

By Evan Wade August 13, 2015  | Managing AppSec

For somewhere that doesn't technically exist, the perimeter can be a pretty scary place. A big place, too, at least for businesses that publish apps and use the Internet as a main tool of their day-to-day operations. Put the two problems together and you have one of the biggest security and web app development challenges facing businesses today. Veracode sums up this problem in its "... READ MORE

For CISO Evolution, the Three Cs Are Key

By Doug Bonderud August 4, 2015  | Managing AppSec

Data breaches are on the rise. According to a recent Forbes article, more than 675 million records were compromised last year. What's more, these breaches weren't limited to a single sector: retail, financial and even post-secondary institutions were all victimized. That means IT security must evolve, and that evolution starts with the Chief Information Security Officer (CISO). In a new... READ MORE

The Big Talk: Explaining Cybersecurity to Your CFO

By Evan Wade August 3, 2015  | Managing AppSec

Saying one thing and doing another isn't exactly a new practice in the business world. That doesn't mean it's a good thing, however, especially when it comes to cybersecurity. Take these disturbing numbers from a recent Deloitte study, for instance: 74 percent of CFOs say digital security is a top priority, but only about half of CFOs expect at least moderate business disruption from... READ MORE

Gartner Report Details the Value of Security Programs and Creating an Executive Link

By Doug Bonderud July 29, 2015  | Managing AppSec

Cybersecurity is now a top priority for board members. According to Help Net Security's report on a recent NYSE Governance Services/Veracode survey, over 80 percent of respondents said security was discussed at "most or all" boardroom meetings. But there's a disconnect: Sixty-six percent of those surveyed said they were "not fully confident their companies are properly... READ MORE

Beyond Breach Avoidance – Demonstrating the Value of Security

By Jessica Lavery July 28, 2015  | Managing AppSec

Making a case for more security can be a difficult task at any enterprise. Many executives incorrectly assume that the lack of a recent breach means the company is adequately secure. However, as the old adage goes, there are only two kinds of companies: those that have been breached, and those that don't know they've been breached. Additionally, in the not-so-distant past, the CISO's... READ MORE

The Scalability Challenge, Part Two: Maintaining Both Speed and Security in the Software Development Lifecycle

By Evan Wade July 24, 2015  | Managing AppSec

Speed kills, but so does slowness. Those six words go a long way in explaining the complicated relationship between speed and security, not to mention a classic trade-off problem in the development world: Every organization needs to secure the software it's developing, but none can risk slowing its software development lifecycle in the process. In a lot of ways, however, this problem is as... READ MORE
