Managing AppSec

When your application security program is up and running, you need best-practice advice on managing and growing the program. Our security experts will guide you through important steps like measuring the success of your program or expanding it to cover more of the application landscape.

How CA Veracode Products Secure the Coding Stage

sciccone's picture
By Suzanne Ciccone November 2, 2017  | Managing AppSec
How CA Veracode products fit in the dev stage

This is the first in a series of blogs on how CA Veracode products fit into each stage of the software lifecycle – from development to production. We want to emphasize lifecycle here, because we continue to hear the misconception that application security falls squarely and solely into the testing stage. In our 10+ years helping organizations secure their applications, we’ve learned that... READ MORE

How to Connect With AppSec and Developer Peers in the CA Veracode Community

jzorabedian's picture
By John Zorabedian October 31, 2017  | Managing AppSec
Reasons to Join the CA Veracode Community

Security professionals and developers have different roles, responsibilities, and skills, but a common goal in securing applications. Yet there aren't many places to connect with peers, who are among your best resources for solving AppSec and DevSecOps challenges. That's why we created the CA Veracode Community. The CA Veracode Community is a destination for developers and AppSec professionals to... READ MORE

Podcast: Would A National Data Breach Disclosure Law Create Clarity or Confusion?

lpaine's picture
By Laura Paine October 20, 2017  | Security News

WannaCry and Petya, among other high-profile breaches, have sparked new conversations at CA Veracode around the potential value of cybersecurity and data breach disclosure legislation. Certainly, data breach disclosure requirements are popping up in just about every state, not to mention global standards, such as GDPR. Although they all insist on timely disclosures, their requirements, rules and... READ MORE

Podcast: What the Apache Struts 2 and the Irish Potato Famine Have in Common

sciccone's picture
By Suzanne Ciccone September 28, 2017  | Managing AppSec
Apache Struts 2

More than you might think. Just as the reliance on a single species of vulnerable-to-blight potato created widespread devastation in 1800s Ireland, today’s reliance on vulnerable components creates a similar ripple effect. In both cases, compromise of a single vulnerability spread its consequences widely and rapidly. The Potato Famine’s consequences were obviously more devastating, but although... READ MORE

Will Websites Be the Next Target of Ransomware Attacks?

cdomoney's picture
By Colin Domoney September 28, 2017  | Managing AppSec
Will websites be the next ransomware target?

Recent research by Wordfence indicates that Wordpress might be the next big ransomware target. Wordfence found that certain Wordpress plugins exhibit malicious behaviour in the form of ransomware against the host website. Typically, these plugins will encrypt the data on the website, thereby rendering it non-functional, and then attempt to extort payment from the owner in order to decrypt the... READ MORE

Introducing the New CA Veracode Community

amay's picture
By Asha May September 26, 2017  | Managing AppSec
CA Veracode Community

We’re excited to announce the public launch of our new CA Veracode Community – a central destination for developers and security professionals to exchange best practices, and discuss trends in AppSec and secure development. As businesses continue to increase their reliance on software, you’re feeling pressure for faster version releases, while simultaneously reducing the risk of a breach. The CA... READ MORE

How Third-Party and Open Source Components Build Hidden Risk Into Software

jzorabedian's picture
By John Zorabedian September 25, 2017  | Secure Development
Risk of software components

Whenever there’s a major data breach announced in the news, I think about how there must be other breaches happening that we don’t even know about. Because, although cyberattackers frequently target known vulnerabilities in software, the victims are unlikely to know they were vulnerable until it is too late. As today’s software is increasingly assembled from bits and pieces of open source... READ MORE

The Seven Deadly Sins of Open-Source Libraries

mcurphey's picture
By Mark Curphey September 21, 2017

There are at least seven types of open-source library vulnerabilities that we should all be extremely concerned about. Before describing them it is worth reiterating that simply linking to a vulnerable library in your project doesn’t mean your application will have a vulnerability. That's FUD. You will only have a vulnerability if you are using the vulnerable methods of the vulnerable library in... READ MORE

Podcast: How to Fix the Widening AppSec Skills Gap

lpaine's picture
By Laura Paine September 21, 2017  | Security News
AppSec Skills Gap Podcast

The AppSec Skills Gap Is Widening Nearly 20% A Year. Here's How We Fix It. A recent survey from CA Veracode and DevOps.com found that the majority of IT and development professionals weren’t required to take security courses in college – and they’re not receiving the necessary training from their employers. So, we have to ask: where does the fault lie? Should universities ramp up their security... READ MORE

Security: Make a Commitment to Working With Development

cdomoney's picture
By Colin Domoney September 14, 2017
Security should commit to understanding dev processes

The days of security and development working side by side in separate silos are over. With the DevOps-induced security “shift left,” security testing now falls in the realm of the developer, and leaves security in more of an enabling, rather than enforcing, role. And this new role requires a new understanding of developer priorities and processes. The security function cannot be effective in a... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu