Managing AppSec

When your application security program is up and running, you need best-practice advice on managing and growing the program. Our security experts will guide you through important steps like measuring the success of your program or expanding it to cover more of the application landscape.

Want To Know How Your Board Thinks About Cybersecurity?

By Jessica Lavery July 21, 2015  | Managing AppSec

The connection between cybersecurity and a company’s bottom line is crystal clear to board members — and they’re worried. In fact, according to a study conducted by the New York Stock Exchange and Veracode, more than 80 percent of corporate directors now discuss cybersecurity at most or all boardroom meetings. At the same time, a surprising 66 percent are not fully confident... READ MORE

Automate Security Testing to Blend In

By Pete Chestna July 13, 2015
Automate your code testing and integrate with IDEs.

In my last blog post I discussed developing a comprehensive security testing approach using multiple assessment techniques including binary static analysis, dynamic analysis, and manual penetration testing. Let’s take this approach to the next level by talking about automation and how to continue maximizing developers’ existing workflows and tools. Blending in with developers’ toolchains means... READ MORE

What is the State of Software Security in 2015?

By Eric Seymour June 22, 2015  | Managing AppSec

A Look at Industry Benchmarks: Gartner estimates that enterprises spent $12 billion securing their network perimeters in 2014 — 20 times more ($600 million) than they spent on securing the application layer[1]. At the same time, the threat surface available to cyberattackers is continuously expanding as enterprises increasingly rely on web, mobile and cloud applications to drive their... READ MORE

How Organized Was Your Heartbleed Response?

By Jessica Lavery June 2, 2015  | Managing AppSec

Heartbleed, Shellshock, FREAK, POODLE, VENOM – these are just some of the branded vulnerabilities that were disclosed in the past 18 months. With so many branded vulnerabilities coming out, executives are paying more attention to application security. This is great, except that it also means CISOs and security professionals are under increased pressure to react to vulnerability disclosures,... READ MORE

Application Security: Why Skipping the Audit Can Risk Your Investment

By Nadim Kobeissi September 10, 2014  | Managing AppSec

It's all over the news lately: new, flashy apps make it out of the oven, get great press coverage—and are hacked days later. Even the satirically simple app Yo, which sends a "Yo" message to a user's friends, was a victim. In many cases, app developers could have easily avoided massive blows to their reputations by taking planned... READ MORE

5 Best Practices in Data Breach Incident Response

By Bill Brown August 26, 2014  | Managing AppSec

It goes without saying that all IT organizations should have an active Incident Response (IR) Plan in place – i.e. a policy that defines in specific terms what constitutes an information security incident, and provides a step-by-step process to follow when an incident occurs. There’s a lot of good guidance online about how to recruit a data breach response team, set initial policy,... READ MORE

Third Party Components and the OWASP Top 10 - Talking Code Part 6

By Neil DuPaul October 8, 2013  | Managing AppSec

The latest episode of Talking Code sees our trio tackling the subject of third party components in software. They cover the upsides and downsides of using open source software and the addition of known vulnerable components to the OWASP Top 10. Every week we will be releasing another webisode of Talking Code but if you want to watch the whole series, simply fill out the form at this link and get... READ MORE

A CISO's Guide to Application Security - Featured Series

By Nate Lord May 24, 2012

Over the past several weeks, Veracode Director of Marketing Fergal Glynn has been authoring a series on application security for security news blog Threatpost. Titled “A CISO’s Guide to Application security,” the five-part series focuses on defining application security, outlining the elements of a comprehensive appsec program, educating about application and software related risks, determining... READ MORE

Disclosures 2012: The Vulnerability of Publicly Traded Companies - Webinar Q&A Part 1

By Nate Lord May 21, 2012  | Managing AppSec

Sam King, Veracode's EVP of Corporate Development, recently gave a webinar titled Disclosures 2012: The Vulnerability of Publicly Traded Companies. The webinar used Veracode's Study of Software Related Cybersecurity Risks in Public Companies, a featured supplement to the State of Software Security Report. In the webinar, Sam examined risk management and disclosure practices for public... READ MORE

Top Ten Java Frameworks Observed in Customer Applications

By Tim Jarrett January 31, 2012  | Research

One of the great things about the Veracode platform is the insight we get from examining our anonymized customer data - not only information about the vulnerability landscape (as published in the State of Software Security report) but insight into the composition of the applications that we scan. As I alluded in my last post, one of the things we record when scanning applications is the presence... READ MORE
