Secure Development

We'll walk you through the critical step of integrating security into the software development lifecycle (SDLC). You'll hear from the experts on everything from working with developers, to the best ways to assess code for security and the latest development trends and technologies.

Get Ready for the Full Spectrum Engineer

pchestna's picture
By Pete Chestna May 18, 2017  | Secure Development
Full Spectrum Engineer

I’ve been a software engineer for over 25 years. Over that time, there has been a pendulum in the industry that swings between demand for developers as specialists or generalists. As new architectures, development methodologies, and organizational structures emerge, development teams need specialists. As technologies and methodologies become assimilated, developers need to adapt and incorporate... READ MORE

5 Simple Strategies for Building Security Into Your DevOps Process

DevSecOps Process

Securing any development framework – whether Waterfall, Agile or DevOps – requires changes of culture, process, and technology. But unlike the straightforward flow of Waterfall, where security comes at the end of the process, it's less clear where security fits in Agile and DevOps. As Securosis analyst Adrian Lane points out, Agile development includes "whatever work gets done in a sprint... READ MORE

Why Code Quality and Code Security Remain Two Separate Ideas

The OWASP Top 10 list of the most critical web application security risks is finally being updated for the first time since 2013. A release candidate was published in April 2017, and the most significant takeaway was what was not on the list; namely, anything new. This is the first update in four years, and the list of vulnerabilities has not changed substantially. The same vulnerabilities – some... READ MORE

The Changing Influence of Developers

jlavery's picture
By Jessica Lavery May 16, 2017  | Secure Development

Movies and television shows featuring software developers and ethical hackers would have you believe they are all anti-social shut-ins who care little about business, their careers or the impact their code has on the world. Instead they are focused almost solely on producing code for code’s sake. When they are shown as part of a business, these fictional developers are generally marginalized by... READ MORE

WannaCry Ransomware Attack Is a Symptom of a Much Bigger Problem

WannaCry Ransomware

In the wake of one of the largest-ever cyberattacks – the fast-spreading WannaCry ransomware, which hit over 300,000 computers in 150 countries – it’s important to look at what went wrong and how to prevent it from happening again. Yet as we look for lessons from this devastating attack, it would be a mistake to see WannaCry as just a really destructive form of ransomware – it is a sign of latent... READ MORE

5 Stages of the DevOps Journey [INFOGRAPHIC]

DevOps maturity

As business success in the digital economy increasingly depends on software innovation, development teams are moving to faster and more frequent deployment, enabled by the shift from Waterfall to Agile and DevOps. Yet getting to DevOps doesn't happen overnight. It's a journey, with a gradual transformation of culture, technology, and processes along the way. If you're embarking on a DevOps... READ MORE

4 Ways to Build a DevSecOps Culture

Creating DevSecOps Culture

At the center of a successful DevOps initiative is a simple but often overlooked concept: Because developers drive the software agenda, developer participation is crucial for achieving a more secure framework. DevSecOps represents the next evolutionary step of secure software development, but even the best governance framework and leading-edge security tools can't get the job done if the... READ MORE

Veracode’s Journey to DevOps: Waterfall and Push Nights

pchestna's picture
By Pete Chestna April 19, 2017  | Secure Development
Waterfall and Push Nights

When I started working at Veracode in 2006, we were developing software the way I had for over 15 years – we were using Waterfall. It would be six years before we moved away from Waterfall and took the Agile plunge, and even longer before we got to DevOps. Looking back, I wonder how much farther along we’d be today if we had adopted the Agile methodology, which at that time was... READ MORE

The Surprising Compatibility of Unit Tests and Rapid Prototyping

akaufman's picture
By Adam Kaufman April 12, 2017  | Secure Development
Unit tests and rapid prototyping

This is not a blog post about the usual line on unit tests. They're good. They help you catch problems very early in the development process. High coverage numbers speak well for your codebase. These are all generally true statements and their complexities have been adequately covered elsewhere. This is also not a blog post about test-driven development (TDD) or any of its related concepts.... READ MORE

Give Developers Training That Actually Helps

Developer training that helps.

Do you have a security education program for your developers? I hope so. Although developers are certainly capable of writing quality, secure code, most were never trained in security. They just don't know what they don't know. When I was actively developing enterprise software, I would visit the bookstore to purchase books on the technologies that I was using. These books were hundreds... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu