Secure Development

We'll walk you through the critical step of integrating security into the software development lifecycle (SDLC). You'll hear from the experts on everything from working with developers, to the best ways to assess code for security and the latest development trends and technologies.

Veracode’s Journey to DevOps: Waterfall and Push Nights

jzorabedian's picture
By John Zorabedian April 19, 2017  | Secure Development
Waterfall and Push Nights

When I started working at Veracode in 2006, we were developing software the way I had for over 15 years – we were using Waterfall. It would be six years before we moved away from Waterfall and took the Agile plunge, and even longer before we got to DevOps. Looking back, I wonder how much farther along we’d be today if we had adopted the Agile methodology, which at that time was... READ MORE

The Surprising Compatibility of Unit Tests and Rapid Prototyping

akaufman's picture
By Adam Kaufman April 12, 2017  | Secure Development
Unit tests and rapid prototyping

This is not a blog post about the usual line on unit tests. They're good. They help you catch problems very early in the development process. High coverage numbers speak well for your codebase. These are all generally true statements and their complexities have been adequately covered elsewhere. This is also not a blog post about test-driven development (TDD) or any of its related concepts.... READ MORE

Give Developers Training That Actually Helps

Developer training that helps.

Do you have a security education program for your developers? I hope so. Although developers are certainly capable of writing quality, secure code, most were never trained in security. They just don't know what they don't know. When I was actively developing enterprise software, I would visit the bookstore to purchase books on the technologies that I was using. These books were hundreds... READ MORE

Leading the Transformation of Secure Software Development for our Application Economy

cwysopal's picture
By Chris Wysopal April 5, 2017  | Secure Development
Transforming the application economy.

When Christien Rioux and I started Veracode more than ten years ago, we did so with the mission of securing the world’s software. We believe all software should undergo some level of security testing. Throughout our history that mission remained constant despite the rapid evolution of how software was built, bought and deployed. You see, though the world was changing, it changed in such a... READ MORE

The Princess and the Dragon: A Modern AppSec Fairy Tale

pherzog's picture
By Pete Herzog March 30, 2017  | Secure Development
Vulnerability vs Threat

Do you know the story about the princess who saved her kingdom from a dragon? I'd be surprised if you heard of this particular fairy tale, because I invented it to teach a lesson about secure software development. In this story, a king sacrificed poor children to appease a dragon, which is not a very nice thing for a king to do. But the important part is why he thought this was a good way to... READ MORE

10 Gadgets and Skills of Superhero Developers [INFOGRAPHIC]

jzorabedian's picture
By John Zorabedian March 27, 2017  | Secure Development
Superhero Developer Skills

Developers perform heroic feats every day, frequently at night, and sometimes on weekends. You might not always get the recognition you deserve, but you still need to keep your skills sharp to survive in a fast-moving Agile or DevOps shop. When you master the skills and tools you need to do your job well, you'll get an uplifting confidence from self-improvement, feel empowered to try new... READ MORE

It's Time to Stop Blaming Developers for Insecure Software

mrunkle's picture
By Matt Runkle March 3, 2017  | Secure Development
Securing DevOps

In two-plus years on the security consulting team at Veracode, and in my prior experience as a security researcher and software developer, I've heard this phrase countless times: "Developers are the biggest cause of security defects." Sure, developers are the ones actively implementing the application – but they’re not the only ones involved in creating software. Lots of... READ MORE

How to Help Developers Accept and Embrace Security Testing

jjastrzebski's picture
By Jim Jastrzebski February 14, 2017  | Secure Development
Developers and Security Testing

In previous posts in this blog series, I've explained that AppSec teams should have empathy for developers as they go through the stages of grief after an unfavorable security assessment of their code. In this post, we wrap up by discussing how to get developers to move through the final two stages – from bargaining to acceptance. Bargaining: "We have a firewall that handles this.... READ MORE

A Developer’s Stages of Grief After a Failed Security Assessment

jjastrzebski's picture
By Jim Jastrzebski February 13, 2017  | Secure Development
Developer's Stages of Grief

After nearly 10 years as a security consultant, I've talked to thousands of developers about remediating security flaws in their code. It's not always an easy conversation, and developers have a wide range of emotional reactions, not all of them good. The fact is, developers are increasingly responsible for quality assurance and security testing of their code, tasks that didn’t used... READ MORE

AppSec Managers Should Have Empathy for Developers

jjastrzebski's picture
By Jim Jastrzebski February 10, 2017  | Secure Development
Empathy for developers

Developers don't always respond well to security assessments that highlight flaws in their code. With a little bit of empathy, it's not hard to understand why developers might react with frustration, annoyance, or even hostility. Security testing should be a dispassionate and routine part of the software development lifecycle – application security professionals will tell you it... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu