Managing AppSec

When your application security program is up and running, you need best-practice advice on managing and growing the program. Our security experts will guide you through important steps like measuring the success of your program or expanding it to cover more of the application landscape.

Not All Vulnerabilities Are Created Equal

By Pejman Pourmousa November 15, 2017  | Managing AppSec
Prioritize which software vulnerabilities to fix first

You wouldn’t be very effective if you didn’t prioritize your to-do list. Treating “prep for board meeting tomorrow” and “organize in-box” with the same level of urgency would slow you down at best, seriously impact your job performance at worst. Similarly, neglecting to prioritize your application security “to-do list” will slow your progress, or prevent it altogether. Even the best application... READ MORE

Will PCI Evolve Alongside Software Development Trends?

By Brittany O'Shea November 13, 2017  | Managing AppSec
News from PCI Community Meeting

This week, I caught up with Joseph Feiman, CA Veracode’s Chief Innovation Officer and former Gartner analyst of 18 years, to discuss some of his key takeaways from the PCI Europe Community Meeting, which took place in Barcelona on October 24-26th. The three-day international seminar gathered community figures and merchants and members of the Council to share updates and insights on current trends... READ MORE

Application Security Policy: Might Need to Revisit as DevOps Emerges

By Pejman Pourmousa November 6, 2017  | Managing AppSec
AppSec policies need to adjust to a DevOps world

I’ve worked in program management at CA Veracode for the past six years, and during that time, I have seen a lot of different approaches to deploying AppSec policies. Typically, the security team (CISO/CIO led) deploys an AppSec policy that applies to developers and engineers. However, with the rapid change in the ways software is developed and released, most of the security policies that were... READ MORE

How CA Veracode Products Secure the Coding Stage

By Suzanne Ciccone November 2, 2017  | Managing AppSec
How CA Veracode products fit in the dev stage

This is the first in a series of blogs on how CA Veracode products fit into each stage of the software lifecycle – from development to production. We want to emphasize lifecycle here, because we continue to hear the misconception that application security falls squarely and solely into the testing stage. In our 10+ years helping organizations secure their applications, we’ve learned that... READ MORE

How to Connect With AppSec and Developer Peers in the CA Veracode Community

By John Zorabedian October 31, 2017  | Managing AppSec
Reasons to Join the CA Veracode Community

Security professionals and developers have different roles, responsibilities, and skills, but a common goal in securing applications. Yet there aren't many places to connect with peers, who are among your best resources for solving AppSec and DevSecOps challenges. That's why we created the CA Veracode Community. The CA Veracode Community is a destination for developers and AppSec professionals to... READ MORE

Podcast: Would A National Data Breach Disclosure Law Create Clarity or Confusion?

By Laura Paine October 20, 2017  | Security News

WannaCry and Petya, among other high-profile breaches, have sparked new conversations at CA Veracode around the potential value of cybersecurity and data breach disclosure legislation. Certainly, data breach disclosure requirements are popping up in just about every state, not to mention global standards, such as GDPR. Although they all insist on timely disclosures, their requirements, rules and... READ MORE

Podcast: What the Apache Struts 2 and the Irish Potato Famine Have in Common

By Suzanne Ciccone September 28, 2017  | Managing AppSec
Apache Struts 2

More than you might think. Just as the reliance on a single species of vulnerable-to-blight potato created widespread devastation in 1800s Ireland, today’s reliance on vulnerable components creates a similar ripple effect. In both cases, compromise of a single vulnerability spread its consequences widely and rapidly. The Potato Famine’s consequences were obviously more devastating, but although... READ MORE

Will Websites Be the Next Target of Ransomware Attacks?

By Colin Domoney September 28, 2017  | Managing AppSec
Will websites be the next ransomware target?

Recent research by Wordfence indicates that WordPress might be the next big ransomware target. Wordfence found that certain WordPress plugins exhibit malicious behaviour in the form of ransomware against the host website. Typically, these plugins will encrypt the data on the website, thereby rendering it non-functional, and then attempt to extort payment from the owner in order to decrypt the... READ MORE

Introducing the New CA Veracode Community

By Asha May September 26, 2017  | Managing AppSec
CA Veracode Community

We’re excited to announce the public launch of our new CA Veracode Community – a central destination for developers and security professionals to exchange best practices, and discuss trends in AppSec and secure development. As businesses continue to increase their reliance on software, you’re feeling pressure for faster version releases, while simultaneously reducing the risk of a breach. The CA... READ MORE

How Third-Party and Open Source Components Build Hidden Risk Into Software

By John Zorabedian September 25, 2017  | Secure Development
Risk of software components

Whenever there’s a major data breach announced in the news, I think about how there must be other breaches happening that we don’t even know about. Because, although cyberattackers frequently target known vulnerabilities in software, the victims are unlikely to know they were vulnerable until it is too late. As today’s software is increasingly assembled from bits and pieces of open source... READ MORE
