The main hurdle that prohibits organizations from embarking on an advanced application security program is knowing where to start. But once you’ve figured out your starting point and your key metrics, and worked with groups in your enterprise to create a strategy, your program still isn’t guaranteed to be a success. There...
In the grand scheme of an enterprise’s life, one year isn’t a long time. Especially when you are talking about designing, implementing, iterating and improving an application security program. But that is the amount of time one financial services company took to create and improve their application security program. Upon speaking with the project manager I was most struck by his...
Effective application security — AppSec — isn't easy. As noted by eWeek, payment apps on both iOS and Android devices lack not only encryption but are at risk of tampering, which "could potentially enable an attacker to reroute funds." Despite the challenge of tracking down and securing vulnerabilities, however, many companies...
When beginning your application security journey, one of the most valuable actions you can take is to learn from the experiences of those who have gone before you. Yet the sensitive nature of security and the fear of becoming a target of hackers have led most enterprises to resist sharing their stories publicly. Some have shared their tales in closed-door meetings and exclusive events like the...
How much should an organization spend on application security? Cybersecurity experts are often willing to break budgets when it comes to protecting critical applications, arguing that prevention is worth millions in cure. Meanwhile, C-suite executives are often less convinced by this kind of proactive thinking, instead opting to spend on AppSec only when demonstrable threats are on the horizon....
With the application layer becoming a popular attack vector for intruders, and defensive methods to combat it constantly evolving, it's easy to see why application security testing (AST) services play such a large role in digital security. In fact, it has become so prominent that the question shouldn't be whether a company should adopt an AST service to keep its operations and data secure...
Breaches are bad business. In 2015, this basic tenet of digital security is clear-cut common sense. After all, bad things happen when bad guys steal your property. What's less clear is the quantifiable cost of a data breach, both in terms of the intrusion's economic toll and the underlying factors that play into the loss. This is where the expert insight comes in. "The Business and...
Security is a game of advancements. All too often, the adversarial relationship between attackers and defenders pushes that game to a breakneck pace. Whichever side is on the leading edge of the technological curve won't have an advantage for long. While this dynamic can spur organizations to be consistently vigilant, at least on the white hat side, it can also lead to the assumption that a...
The increase in the number of corporate-targeted cyberattacks over the past few years, combined with an increase in the complexity of those attacks, has caused cybersecurity to be scrutinized in the boardroom like never before. As seen with major shake-ups among corporate leaders following massive data breaches, CEOs and other top leadership are now fully invested in the overall security health...
A security organization has set up threat modeling. They have implemented static, interactive and dynamic application security testing. All of them are reporting vulnerabilities. What happens next? How does an organization handle all these findings? Vulnerability management is the process of categorizing and remediating threats, and this process needs to be a collaboration between software...