Managing AppSec

When your application security program is up and running, you need best-practice advice on managing and growing the program. Our security experts will guide you through important steps like measuring the success of your program or expanding it to cover more of the application landscape.

What is the State of Software Security in 2015?

By Eric Seymour June 22, 2015  | Managing AppSec

A Look at Industry Benchmarks: Gartner estimates that enterprises spent $12 billion securing their network perimeters in 2014 — 20 times more ($600 million) than they spent on securing the application layer[1]. At the same time, the threat surface available to cyberattackers is continuously expanding as enterprises increasingly rely on web, mobile and cloud applications to drive their...

How Organized Was Your Heartbleed Response?

By Jessica Lavery June 2, 2015  | Managing AppSec

Heartbleed, Shellshock, FREAK, POODLE, VENOM – these are just some of the branded vulnerabilities that were disclosed in the past 18 months. With so many branded vulnerabilities coming out, executives are paying more attention to application security. This is great, except that it also means CISOs and security professionals are under increased pressure to react to vulnerability disclosures,...

Application Security: Why Skipping the Audit Can Risk Your Investment

By Nadim Kobeissi September 10, 2014  | Managing AppSec

It's all over the news lately: new, flashy apps make it out of the oven, get great press coverage—and are hacked days later. Even the satirically simple app Yo, which sends a "Yo" message to a user's friends, was a victim. In many cases, app developers could have easily avoided massive blows to their reputations by taking planned...

5 Best Practices in Data Breach Incident Response

By Bill Brown August 26, 2014  | Managing AppSec

It goes without saying that all IT organizations should have an active Incident Response (IR) Plan in place – i.e. a policy that defines in specific terms what constitutes an information security incident, and provides a step-by-step process to follow when an incident occurs. There’s a lot of good guidance online about how to recruit a data breach response team, set initial policy,...

Third Party Components and the OWASP Top 10 - Talking Code Part 6

By Neil DuPaul October 8, 2013  | Managing AppSec

The latest episode of Talking Code sees our trio tackling the subject of third party components in software. They cover the upsides and downsides of using open source software and the addition of known vulnerable components to the OWASP Top 10. Every week we will be releasing another webisode of Talking Code, but if you want to watch the whole series, simply fill out the form at this link and get...

A CISO's Guide to Application Security - Featured Series

By Nate Lord May 24, 2012

Over the past several weeks, Veracode Director of Marketing Fergal Glynn has been authoring a series on application security for security news blog Threatpost. Titled “A CISO’s Guide to Application Security,” the five-part series focuses on defining application security, outlining the elements of a comprehensive appsec program, educating about application and software related risks, determining...

Disclosures 2012: The Vulnerability of Publicly Traded Companies - Webinar Q&A Part 1

By Nate Lord May 21, 2012  | Managing AppSec

Sam King, Veracode's EVP of Corporate Development, recently gave a webinar titled Disclosures 2012: The Vulnerability of Publicly Traded Companies. The webinar used Veracode's Study of Software Related Cybersecurity Risks in Public Companies, a featured supplement to the State of Software Security Report. In the webinar, Sam examined risk management and disclosure practices for public...

What is OWASP? Guide to the OWASP Application Security Top 10

By Neil DuPaul April 25, 2012  | Intro to AppSec

Every vibrant technology marketplace needs an unbiased source of information on best practices as well as an active body advocating open standards. In the Application Security space, one of those groups is the Open Web Application Security Project (or OWASP for short). OWASP operates as a non-profit and is not affiliated with any technology company, which means it is in a unique position to...

Top Ten Java Frameworks Observed in Customer Applications

By Tim Jarrett January 31, 2012  | Research

One of the great things about the Veracode platform is the insight we get from examining our anonymized customer data - not only information about the vulnerability landscape (as published in the State of Software Security report) but insight into the composition of the applications that we scan. As I alluded to in my last post, one of the things we record when scanning applications is the presence...
