Questions You Should be Asking Your Application Developer Candidates

By Brian Cardinale October 19, 2016  | Secure Development
What questions do you ask a developer applicant to determine security competence.

Old habits die hard. The following questions will help you avoid hiring developers with bad habits. Developers with bad habits are prone to baking in those habits into the overall application architecture. There are two fronts in the war of protecting your applications. The first front is reactive. It is your code maintainers patching flaws in old code bases. The second front is happening right...

Why Even Google Is Susceptible to the Most Basic Website Vulnerabilities

By John Zorabedian October 19, 2016  | Secure Development
Google vulnerable to insecure code.

This week’s National Cyber Security Awareness Month theme of “recognizing and combating cybercrime” brings up an elementary but crucial point about why our efforts to fight cybercrime seem inadequate for the challenge: it can be really difficult to fix what’s broken even when we know exactly what the problem is. Here’s an example. When a sick patient comes to a...

Message Encryption Is Great—Depending On Who Has The Key

By Evan Schuman October 14, 2016  | Security News
Message encryption.

Corporate execs are understandably worried these days about all of their electronic communications. Whether messages can be intercepted by corporate spies working for the opposition, government investigators snooping for terrorists or cyberthieves looking to steal what they can get, anything that is intercepted can wind up somewhere else. See Edward Snowden. It's therefore quite...

AppSec: From the Breakroom to the Boardroom

By Suzanne Ciccone October 14, 2016  | Intro to AppSec
Appsec should be on the mind of every department.

Application security is an emerging and critical aspect of a security program; however, all AppSec attitudes are not created equal. Unlike other security initiatives, application security affects a lot of different people in your organization – and in different ways. A developer’s attitude toward and concerns about an application security program will not be the same as a member of...

DevOops Redux: A Chat with Chris Gates and Ken Johnson

By Neil DuPaul October 12, 2016  | Security News

This week at OWASP AppSec USA there's a schedule packed with great sessions focusing on devops, shifting left, automation and more. I was lucky enough to get some time from Chris Gates, Sr Security Engineer, Uber and Ken Johnson's, CTO nVisium, busy schedule to ask them a few questions related to their session at AppSec, DevOops: Redux - a defense oriented follow up to their popular talk...

Five signals that the future is strong for Boston’s Women in Tech

By Maria Loughlin October 11, 2016  | Security News
RevBoston 2016 Badass Women

This weekend I was among 21 women recognized as a Rev Boston “Badass” woman in tech. My co-honorees and I are senior leaders in tech who work at landmark institutions (e.g. Boston Children’s Hospital), high-flyer local companies (e.g. Veracode, WayFair, HubSpot, Carbon Black, CarGurus), as well as mid-size and tiny startups (e.g. Toast, Drizly, TetraScience, clypd,...

Has The Media Finally Figured Out The Importance Of App Security?

By Evan Schuman October 7, 2016  | Security News
Image of crowd of press representatives.

It certainly has taken long enough, but it seems like non-tech media outlets have figured out that applications make wonderful entry points for cyberthieves. Given the layers of complexity that many enterprise apps feature today, it's hardly surprising that they boast massive security holes. That message seems to be finally sinking in. Consider just a few recent media reports, from NBC News...

What Sports Can Teach Us About Secure DevOps

By John Zorabedian October 6, 2016  | Secure Development
What sports can teach us about devops. View of crowded stadium.

It’s a special time of year for sports fans like me. After a great summer featuring the Olympics and the Euro Cup, it’s time once again for the Major League Baseball playoffs, while both of my favorite football leagues (NFL and Premier League) are well underway for the season. One of the things I love about sports is they seem to offer so many parallels to other aspects of life,...

Software Grammar 101

By Amanda McGuinness October 5, 2016  | Intro to AppSec
If only software had built-in code checking.

I am not a developer, I’m a writer. However, it has become clear to me that these two professions have more in common than I had originally thought. Really, we are doing the same thing - just in different languages, and to different ends. The gratification that comes from starting with a blank page, building something that didn't exist before, and achieving a purpose, is the same. I...

How to Get Developers and Security to Win-Win This Cyber Security Awareness Month

By John Zorabedian October 5, 2016  | Security News

October is National Cyber Security Awareness Month (NCSAM), a commendable public-private initiative focused on training businesses and users in practicing better digital hygiene. If there’s one drawback to awareness programs like NCSAM, it’s the potential for awareness to spike in the short-term and fall off in the long-term. Without follow-up training and continuous learning,...
