Secure Development

We'll walk you through the critical step of integrating security into the software development lifecycle (SDLC). You'll hear from the experts on everything from working with developers, to the best ways to assess code for security and the latest development trends and technologies.

Think Your Data Leaks Are Limited To Your Databases? Think Again

By Evan Schuman July 7, 2016  | Security News

Security professionals spend an awful lot of time trying to protect sensitive corporate information, locking it away in virtual vaults, as they should. But they often neglect to protect the people who have the keys/combinations to those virtual vaults—in some cases, protecting those key-holders from themselves. This comes to mind as a recent story in The Intercept reminded us of how easy we often... READ MORE

Until We Prioritize Security Training, We Will Remain a Step Behind Cybercriminals

By Jessica Lavery June 22, 2016  | Secure Development

Where is your security money going? Typically, it lives at the edges of the network, in operations land. The big spends on items and services such as log aggregators and organizers, firewalls, and penetration testing are generally trusted buys. These are tried-and-true tactics that have withstood the tests of time. But time, as it were, has claimed many a security system. From the low-tech... READ MORE

Optimizing Software Management with a DevSecOps Approach

By Jessica Lavery June 15, 2016  | Secure Development

Let’s face it, building software is difficult. It’s mental gymnastics. When your developers are working hard, they’ve likely got at least two hours of ramp up time behind them. Bother them during their meditative state, and you’re resetting that clock, losing hours of potential work. There’s a flow to programming, and when you’re in the zone, the code comes quite freely. It’s those moments when... READ MORE

5 Things Devs Wish CISOs Knew About DevOps

The rapid adoption of DevOps practices in the enterprise has forced a lot of CISOs to rethink their security play books. Gone are the days of testing for security once software engineers are done developing a piece of software. With rapid iterations and continuous delivery of software there is no "done" anymore. Additionally, the fast-paced DevOps model gives engineers the power to... READ MORE

What Kind of Tools Do You Need to Secure Your Mobile Apps?

By David Strom May 3, 2016  | Secure Development

The days when everyone is chained to a fixed desktop computer are long over. But it isn’t just about being more mobile, or using more mobile devices, or letting your users bring their own devices and use them at work. It isn’t that the workday is no longer 9-to-5 and users expect to get their jobs done whenever and wherever they might be in the world. No, it is about moving to a completely new... READ MORE

Peripheral Security Issues Today Are Anything But Peripheral

By Evan Schuman April 25, 2016  | Security News

Last week, Microsoft issued an optional security alert relating to peripherals and specifically mice. Until the patch is implemented, Microsoft said, the peripheral could receive plain English—aka QWERTY—key packets in keystroke communications issued from receiving USB wireless dongles to the RP addresses of wireless mouse devices. This is a fine way for cyberthieves to hijack wireless mice and... READ MORE

Why is SQL Injection Still Around?

By David Strom April 4, 2016  | Secure Development

While there are many Web hacking exploits, none are as simple or as potentially destructive as SQL injection. This isn’t news: the attack method has been around for more than a decade. Sadly, for something so old it is still one of the most popular ways to penetrate networks and extract data. And it is easy to find and almost as easy to avoid. Why is SQL injection still with us? It all comes... READ MORE

That “Oh Crap” Moment of Product Management

By Anne Nielsen March 9, 2016  | Secure Development

How to avoid putting your customer’s data at risk... Nothing stinks worse for a product manager than hearing there is a security issue in the amazing feature you just released. Yes, that one you created specifically for your very important client. Telling your previously elated buyer that the new do-dad you created specifically for them – based on their unsolicited, but completely... READ MORE

Where AppSec has let me down

By Jeff Cratty February 24, 2016  | Intro to AppSec | Secure Development

There are a lot of great perks that come with being a developer.  On the upside, I enjoy the challenge of developing solutions to real world problems with peers in UX, PM, QA, Ops, etc.  I love the creative process and the energy a team has when we are firing in the same direction at the same time.  I love building the stuff and making the team hum.  I love that sense of... READ MORE

How to Train a Globally Distributed Development Team

By Amanda Lee February 10, 2016  | Managing AppSec | Secure Development

How companies with successful AppSec programs train globally distributed teams on secure development practices and security guidelines. Every large organization now has a complex and globally distributed software development process. It doesn’t matter whether your developers are in-house or out-sourced; based in Bangalore or Boston, the expectation is that quality, bug-free, secure software... READ MORE
