Secure Development

We'll walk you through the critical step of integrating security into the software development lifecycle (SDLC). You'll hear from experts on everything from working with developers to the best ways to assess code for security, as well as the latest development trends and technologies.

6 Tips for Transforming Technology to Achieve DevSecOps

By John Zorabedian June 21, 2017  | Secure Development

The goal of DevSecOps is to build a bridge between fast and secure software development. Some in the DevOps and AppSec universe maintain that the primary foundations of a DevOps or DevSecOps initiative are the right mindset about quality, and processes that support continuous improvement and learning at velocity. Yet you cannot achieve DevSecOps without the right technologies for integrating...

Anatomy of a Cross-Site Scripting Flaw in the Telerik Reporting Module


One of the interesting aspects of working as a Veracode Application Security Consultant is seeing the wide range of code across many business sectors. On an average day, I could look at some COBOL code twice my age in the morning, and by lunch I'm exploring a large .NET MVC app, before transitioning to review a self-deploying microservices package composed of Java, Node.js, and a little PHP for...

How to Hire and Build Developers Into Full Spectrum Engineers

By Pete Chestna May 31, 2017  | Secure Development

As you look at candidates for your DevOps teams, it's critical to find developers who exhibit the qualities of a full spectrum engineer: generalists who can do it all. You need people who will add velocity and not depend on others to complete their work. It's likely that you will not find someone who has every skill you need, so look for people with the potential to grow and learn at speed...

Security Starts With a Scope: Answer These Questions Before You Code

By Pete Herzog May 30, 2017  | Secure Development

Have you ever walked into a room to get something and the moment you got there you forgot what it was that you wanted? That memory glitch is caused by a refresh in your working memory that happens when you enter a new space or environment. Apparently the evolutionary algorithm at work in humans developed this way to increase your situational awareness and keep prehistoric you from becoming a...

5 Things Developers Need to Thrive as a Full Spectrum Engineer

By Pete Chestna May 24, 2017  | Secure Development

The rise of DevOps has produced a new type of developer, what I call the full spectrum engineer (FSE). In my previous blog post in this series, I looked at the evolution of software development from requiring specialists to relying on developers who can do it all. So what does it take to thrive in a DevOps environment and succeed as a full spectrum engineer? Here are five things you need to do to make...

Get Ready for the Full Spectrum Engineer

By Pete Chestna May 18, 2017  | Secure Development

I've been a software engineer for over 25 years. Over that time, a pendulum in the industry has swung between demand for developers as specialists and demand for them as generalists. As new architectures, development methodologies, and organizational structures emerge, development teams need specialists. As those technologies and methodologies become assimilated, developers need to adapt and incorporate...

5 Simple Strategies for Building Security Into Your DevOps Process


Securing any development framework, whether Waterfall, Agile or DevOps, requires changes of culture, process, and technology. But unlike the straightforward flow of Waterfall, where security comes at the end of the process, it's less clear where security fits in Agile and DevOps. As Securosis analyst Adrian Lane points out, Agile development includes "whatever work gets done in a sprint...

Why Code Quality and Code Security Remain Two Separate Ideas

The OWASP Top 10 list of the most critical web application security risks is finally being updated for the first time since 2013. A release candidate was published in April 2017, and the most significant takeaway was what was not on the list: namely, anything new. This is the first update in four years, and the list of vulnerabilities has not changed substantially. The same vulnerabilities, some...

The Changing Influence of Developers

By Jessica Lavery May 16, 2017  | Secure Development

Movies and television shows featuring software developers and ethical hackers would have you believe they are all anti-social shut-ins who care little about business, their careers or the impact their code has on the world. Instead they are focused almost solely on producing code for code's sake. When they are shown as part of a business, these fictional developers are generally marginalized by...

WannaCry Ransomware Attack Is a Symptom of a Much Bigger Problem


In the wake of one of the largest-ever cyberattacks, the fast-spreading WannaCry ransomware, which hit over 300,000 computers in 150 countries, it's important to look at what went wrong and how to prevent it from happening again. Yet as we look for lessons from this devastating attack, it would be a mistake to see WannaCry as just a really destructive form of ransomware; it is a sign of latent...
