Managing AppSec

When your application security program is up and running, you need best-practice advice on managing and growing the program. Our security experts will guide you through important steps like measuring the success of your program or expanding it to cover more of the application landscape.

What Kind of Tools Do You Need to Secure Your Mobile Apps?

By David Strom May 3, 2016  | Secure Development

The days when everyone is chained to a fixed desktop computer are long over. But it isn’t just about being more mobile, or using more mobile devices, or letting your users bring their own devices and use them at work. It isn’t that the workday is no longer 9-to-5 and users expect to get their jobs done whenever and wherever they might be in the world. No, it is about moving to a completely new...

How to Get More Done on AppSec Without Adding Staff

By Arun Vohra April 27, 2016  | Managing AppSec

It doesn't take an army to reduce appsec risk - here are five ways you can get more out of a smaller team. We all know there is a shortage of skilled security professionals in the current marketplace, particularly as many organisations move to address their risk in the application security space. Application security is a higher priority for C-Level Executives these days. This is partly due...

The Four(ish) Appsec Metrics You Can’t Ignore

By Tim Jarrett April 11, 2016  | Managing AppSec

Metrics are important in application security, and not just because they allow us to quantify the otherwise unquantifiable work of reducing risk that application security teams do. Metrics provide us with a way to communicate the progress of an application security program, whether to a development team that needs encouragement, to senior management or the board who want to understand the value...

Rails Engines: Magic or Curse?

By Jason Yeo April 5, 2016

Most Rails applications typically use a bunch of gems. Some of these gems may be Rails engines. Devise, Shoppe and RailsAdmin are examples of engines. The simple definition of an engine is a mini Rails application. When you include an engine in your Rails application, you are actually including an application in your application. Unlike gems that provide simple library code like Faker or...

What Gets Measured Gets Done: a Motto to Live by in Application Security

By Jessica Lavery March 31, 2016  | Managing AppSec

Back in December, the CISO of a financial services company explained how he took his company’s application security program from 0-60 in 12 months. Now, that same CISO explains why measurement was a critical component to the program’s success. As we developed our application security strategy, gaining buy-in from various stakeholders was an essential part of making it a success. But,...

When Rails' protect_from_forgery Fails

By Jason Yeo March 29, 2016

Cross-site request forgery (CSRF) protection has been around in the form of protect_from_forgery since Rails 2, but somehow it is also the most misunderstood feature in the Rails community. To many Rails developers, the protection seems like magic, and the details of how it works are treated as a black box. In this blog post, I will open up the black box and show how, in some situations...

9 AppSec Mistakes that are Poisoning Your Progress

Application security testing is an essential part of a global security strategy but if it is not done the right way it can poison your progress. Below I’ll explain the mistakes to avoid in order to test all your applications, find and fix the flaws whilst still creating a global application security programme. 1: Only testing the most critical apps In most cases companies believe that...

The Six Types of Open-Source Library Vulnerabilities

By Mark Curphey March 22, 2016

There are at least six types of open-source library vulnerabilities that we should all be concerned about. Before describing them it is worth reiterating that simply linking to a vulnerable library in your project doesn’t mean your application will have a vulnerability. You will only have a vulnerability if you are using the vulnerable methods of the vulnerable library in a vulnerable manner....

Why Application Security Is Better Than a Sharp Stick in the Eye

By Pete Herzog March 22, 2016  | Managing AppSec

I'm this security guy. I have a sweet resume with lists of security stuff I did. I got security skills certifications to show I can actually do security and not just be a moderately adequate opponent in Trivial Pursuit Security Edition. So people come to me and ask me to solve their security problems like, “Our client accesses our mojingle over the doobywassy blah blah hackers.”...

How the Legal Department Can Improve Your Vendor Application Security Program

By Jessica Lavery March 16, 2016  | Managing AppSec

In order to keep up with the need for applications, companies are purchasing software at an accelerated rate. And if you are like most companies, your processes for vetting the security of your software are probably not very sophisticated. Most companies rely on questionnaires or even just a wink and a nod from the vendor’s account manager. Companies that recognize the risk introduced from...
