Secure Development

We'll walk you through the critical step of integrating security into the software development lifecycle (SDLC). You'll hear from the experts on everything from working with developers, to the best ways to assess code for security and the latest development trends and technologies.

Security: Create a Development Champion

sciccone's picture
By Suzanne Ciccone March 13, 2018  | Secure Development
how to create a development champion on the security team

We talk a lot about the need for development teams to create security champions. With the shift to DevOps – and the intersecting of development, security, and operations teams – development and security teams can no longer operate in their traditional silos. Each team needs to not only work closely together, but also have a much deeper understanding of each others’ pains, processes, and... READ MORE

Adopting a More Secure Approach to Containers

Neil's picture
By Neil DuPaul March 6, 2018
Container Security

The complexities of developing secure software aren't lost on anyone in the business world. One tool development teams have used to adapt to today's challenging environment is software containers, which allow applications to run reliably on different platforms and systems.   Today, organizations use containers to address a wide range of development and testing tasks. What's more, as... READ MORE

What Developers Can Learn at the Upcoming DevSecOps Virtual Summit

Neil's picture
By Neil DuPaul February 14, 2018
DevSecOps - development

The shift to DevOps and DevSecOps has already happened, it's only a question of when we all catch up. Organizations in all industries are creating software not only faster, but also in more precise, collaborative and incremental ways than ever before. In fact, we’ve seen the shift in our own customer base, where the percentage of applications scanned for security on a weekly basis jumped 50... READ MORE

What You Don’t Do for Secure Programming

pherzog's picture
By Pete Herzog February 1, 2018

The hardest part of growing up is that everything you’re allowed to do is communicated in a general sense and everything that you’re not allowed to do is enumerated specifically and in detail AFTER you’ve gotten in trouble for doing it. So you’re told things like, “Go play in the yard.” Yet you get chewed out for very specifically flooding the yard to play mud football. Apparently the lawn, the... READ MORE

AppSec in Review Podcast: How Developers Respond to Security Findings

jzorabedian's picture
By John Zorabedian December 5, 2017  | Secure Development | Research
AppSec in Review: How Developers Respond to Security Finding

We recently published the State of Software Security Developer Guide, based on real application security testing data. Among the key takeways, the data in the report offers strong evidence that eLearning, security training, and DevSecOps practices have a positive effect on developers' effectiveness at fixing flaws in their code. In this episode of the AppSec in Review podcast, Evan Schuman and CA... READ MORE

What Developers Need to Know About the State of Software Security Today

jzorabedian's picture
By John Zorabedian November 28, 2017  | Research
State of Software Security Developer Guide

We recently published our annual research report, the State of Software Security, analyzing data from 400,000 application scans over 12 months spanning 2016 and 2017. Now we’re issuing a State of Software Security Developer Guide, featuring additional data and analysis aimed at helping developers meet the goal of creating great software that’s also secure software. This report offers the... READ MORE

OWASP Top 10 Updated for 2017: Here’s What You Need to Know

jzorabedian's picture
By John Zorabedian November 20, 2017  | Secure Development
OWASP Top 10 2017

For the first time since 2013, the Open Web Application Security Project (OWASP) has updated its top 10 list of the most critical application security risks. According to OWASP, the 2017 OWASP Top 10 is a major update, with three new entries making the list, based on feedback from the AppSec community. This update went through two versions. After the initial release candidate in April 2017 got... READ MORE

How to Get Started With a CA Veracode Greenlight Free Trial

jworthington's picture
By Janet Worthington November 16, 2017  | Secure Development
CA Veracode Greenlight Free Trial

You never want to be the developer that wrote and submitted vulnerable code into production, especially if it leads to a data breach. Yet, in many organizations that have adopted DevOps practices, application security testing is shifting left into development. It’s far faster to catch and fix security flaws while you’re coding, than trying to go back and fix everything at the end of the process.... READ MORE

How Third-Party and Open Source Components Build Hidden Risk Into Software

jzorabedian's picture
By John Zorabedian September 25, 2017  | Secure Development
Risk of software components

Whenever there’s a major data breach announced in the news, I think about how there must be other breaches happening that we don’t even know about. Because, although cyberattackers frequently target known vulnerabilities in software, the victims are unlikely to know they were vulnerable until it is too late. As today’s software is increasingly assembled from bits and pieces of open source... READ MORE

Top 3 Ways Veracode’s Integrations Make Developers' Jobs Easier

mloughlin's picture
By Maria Loughlin September 19, 2017  | Secure Development
Veracode integrations make development's job easier

As software increasingly plays a critical role in how organizations conduct business, we are seeing two trends emerge: 1. Organizations want more software produced faster. 2. Cyberattackers are finding software a more attractive target. For developers, all the above means that their jobs are changing. The need to get software out the door faster has led to a shift to DevSecOps – where software is... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.




contact menu