Secure Development

We'll walk you through the critical step of integrating security into the software development lifecycle (SDLC). You'll hear from the experts on everything from working with developers, to the best ways to assess code for security and the latest development trends and technologies.

Play in the sandbox

pchestna's picture
By Pete Chestna July 29, 2015  | Secure Development

This next post picks up where we left off in our previous discussion around automation within developers’ toolchains. Once developers have a methodology to perform security assessments and fix identified vulnerabilities within an integrated environment, the next question is how to assess new code against specific security and compliance policies. The sandbox is the way for individual... READ MORE

How a DevOps Team Can Transform Your Company

ewade's picture
By Evan Wade July 28, 2015  | Secure Development

At a conceptual level, you can compare most moderately complex businesses to the inner workings of a mechanical clock. They both require several parts moving in sync to function (think accountants, sales reps and marketing). Apply that analogy to the software development industry, and you have something resembling a cuckoo clock. Forgetting the countless integral external roles, core... READ MORE

In Software Development, Speed and Security Don't Have to Be Mutually Exclusive

jmontesi's picture
By John Montesi July 23, 2015  | Secure Development

Mention security and testing to a group of young developers, and you'll likely hear a lot of groans. It's not that the current generation of Agile-minded code hotshots is careless; rather, it's that the culture at most companies is one of speed and achievement. It's easier to celebrate milestones than it is to celebrate a lack of something, even if that something is a lack of... READ MORE

A Broad Look at DevOps: Why It Came to Be and How It's Changing the Development World

ewade's picture
By Evan Wade July 22, 2015  | Secure Development

If you've been working in development long at all, you've probably heard the term "DevOps" kicked around quite a bit — and if you work in a non-technical capacity, you probably ask yourself what the heck it is every time you see the word. The problem with answering this question is the term means different things depending on who you ask. Like most industry buzzwords, the... READ MORE

In DevOps Culture, Communication and Collaboration Are Key

ewade's picture
By Evan Wade July 21, 2015  | Secure Development

There's a reason DevOps culture values effective communication and collaboration so highly. In an industry where distributed offices full of crucial roles are the norm — and one where even departments within the same buildings tend to distrust one another — any improvement in the way people interact is bound to have some positive results, especially when so many moving parts need... READ MORE

How DevOps, Rapid Deployment and Security All Fit Together

ewade's picture
By Evan Wade July 20, 2015  | Secure Development

As the heir apparent to Agile, DevOps brings a lot of the methodology's traits to the table — including some of its flaws. Or, more accurately, its supposed flaws: As CA Veracode has shown, the security concerns associated with Agile are avoidable, and it's the same way with DevOps. In the context of rapid deployment, i.e., the main tentpole of DevOps philosophy, that can mean a few... READ MORE

New Gartner Report Highlights the Trend Toward DevOps

sdrew's picture
By Shawn Drew June 3, 2015  | Secure Development

Revolutionary advances such as the cloud, advanced analytics and expanding mobility have brought no small amount of change to IT departments around the world, as IT and project managers struggle to keep up with an increasingly demanding and nimble user base. In response to the need for a more agile transition between development and operations, these two traditionally siloed aspects of IT are... READ MORE

Reading the ENISA Threat Landscape 2014

ppaganini's picture
By Pierluigi Paganini April 8, 2015

The European Union Agency for Network and Information Security (ENISA) has published its annual report on the cyberthreat landscape, entitled ENISA Threat Landscape 2014. The document closely examines the evolution of top and emerging threats in 2014. It is considered by the security community to be a valuable analysis of principal threats. The ENISA report provides useful information that could... READ MORE

Charting a New Course for Secure Software Development

jrosenberg's picture
By Joanna Rosenberg March 25, 2015

The landscape of application software development is undergoing rapid transformation. New platforms for server and client, new development tools, new languages, newfound status, and new deployment methodologies mean the already quick pace of change has gotten faster.  In the meantime, developers must learn to chart this new course while building in and maintaining secure coding standards.... READ MORE

Exploit Profile: All About SQL Injection

ewade's picture
By Evan Wade January 26, 2015

You've heard it before, and you'll hear it again: SQL injection is no joke. Why the repetition? It's that serious a threat. As the number-one exploit on the OWASP Top 10 list of digital security issues (and one of the easiest attacks to successfully pull off), injection is a major tool for novice scripters and skilled hackers alike. With little more than basic knowledge and a sufficiently... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.




contact menu