Managing AppSec

When your application security program is up and running, you need best-practice advice on managing and growing the program. Our security experts will guide you through important steps like measuring the success of your program or expanding it to cover more of the application landscape.

Answers to the Top 10 Customer FAQs

CA Veracode Customer FAQs

At CA Veracode, we work hard to support our customers in meeting the goals of your application security program. As a Manager of Customer Success Management (CSM), I work with our CSMs to help hundreds of customers beginning their journey to a mature AppSec program, and many who are just starting out with CA Veracode. CA Veracode Services and Support Teams hear a lot of the same questions from... READ MORE

Best Practices for the Adoption of Open Source Software

cdomoney's picture
By Colin Domoney May 26, 2017  | Managing AppSec
best practices for open source component use

In a previous blog post, I discussed the differing perspectives security and development teams have about the use of open source components. Taking these perspectives into account, what is the best way to enable the use of open source components in your organization? Forbidding their use entirely is not a viable option and, in fact, would be detrimental to both developers and the organization as... READ MORE

You’ve Got Smoke Detectors in the House, but I Bet You Still Don’t Store Gasoline in the Living Room

bfitzgerald's picture
By Brian Fitzgerald May 15, 2017  | Managing AppSec
the dangers of focusing only on detection in application security

“Detection and response” is the new approach to information security being championed by some of the leading analyst firms today. The theory is that, since we have failed to keep attackers from getting inside our networks, we’re better served getting tools that detect them once they are in, and help chase them back out again before they can do real harm. Nice idea, but completely wrong-headed.... READ MORE

Before You Outsource Code Development – Think About the Security Implications

sciccone's picture
By Suzanne Ciccone May 11, 2017  | Managing AppSec

Police in the Netherlands recently contacted more than 20,000 people who they suspect had their personal data stolen by a malicious web developer. This developer had built “backdoors” into applications he created for various businesses as a contractor. With the information he stole, it is alleged that he made online purchases, opened gambling accounts and impersonated victims' family members.... READ MORE

Development and Security Have Different Perspectives on Open Source Components

cdomoney's picture
By Colin Domoney May 9, 2017  | Managing AppSec
security and dev have differing opinions on open source components

Open source components are a blessing and a curse. From a developer’s perspective, they’re a no-cost way to speed the development process. But they can be a curse security-wise. Many open source components contain vulnerabilities that put the organization at risk of getting breached and failing compliance audits. In fact, recent CA Veracode research looked at all the Java applications we scanned... READ MORE

Regulations Surrounding Third-Party Software Security Are Increasing – How to Stay Compliant

sciccone's picture
By Suzanne Ciccone May 4, 2017  | Managing AppSec
security regulations surrounding third-party software

Developers are increasingly being pushed to create more code faster. As the speed of development increases, it becomes less feasible to create every application from scratch. In turn, the reliance on third-party applications and code increases as well. But this “short cut” comes with risk. Third-party applications and open source components frequently contain vulnerabilities, leaving... READ MORE

4 Ways to Build a DevSecOps Culture

Creating DevSecOps Culture

At the center of a successful DevOps initiative is a simple but often overlooked concept: Because developers drive the software agenda, developer participation is crucial for achieving a more secure framework. DevSecOps represents the next evolutionary step of secure software development, but even the best governance framework and leading-edge security & development tools can't get the job... READ MORE

HipChat Breach Shows Dangers of Slacking on Security of Third-Party Components

HipChat Breached

This week, HipChat advised customers that one of its databases was breached by attackers who exploited a vulnerable third-party library used on HipChat.com. HipChat, owned by Atlassian, said that the compromised database stored customer usernames, email addresses, hashed passwords, and room metadata such as room name and topic. HipChat’s fast action to force a reset of all HipChat passwords... READ MORE

Cutting down on false positives with vulnerable methods for Ruby

asharma's picture
By Asankhaya Sharma April 20, 2017

Today we released vulnerable methods support for the Ruby language, adding to the existing support for Java and Python. Vulnerable methods analysis uses call-graph analysis to trace the actual use of the vulnerability in your projects. To understand the impact that vulnerable method support can have, we analyzed the top 1,000 starred Ruby projects on GitHub, and discovered that without vulnerable... READ MORE

Why Continuous Security is the Next Application Security Movement

mcurphey's picture
By Mark Curphey April 17, 2017

Today we launched a new company web site and have changed the way we talk about what we do. This is important because we believe that application security is in the midst of a transformational change. The old model of security was slow, contentious and typically applied as a series of quick fixes at the end of a development cycle or even after shipping. Even in the past this approach was more of... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu