How Often Should You Assess Apps for Security?

By Suzanne Ciccone October 28, 2016  | Intro to AppSec
Scan code continuously.

Those new to AppSec might wonder – how often do I have to test my apps for security? One school of thought is: do a one-time scan of all or most apps in production, fix the most egregious defects and either consider security testing “done” – or maybe schedule another scan in several months, or even the next year. The problem with this model is that it doesn’t work...

Bridging the Cybersecurity Information Gap in Higher Education

By Amanda McGuinness October 25, 2016  | Security News
To fix the security skills gap, we need to go back to school.

Cybersecurity professionals are some of the most highly sought after candidates in the job market. With most businesses taking advantage of web applications to streamline their operations, every company is a software company - and they all need security. Before now, the position of security professional remained a bit cryptic. More traditional roles in marketing or sales demonstrated obvious...

Questions You Should be Asking Your Application Developer Candidates

By Brian Cardinale October 19, 2016  | Secure Development
What questions do you ask a developer applicant to determine security competence?

Old habits die hard. The following questions will help you avoid hiring developers with bad habits. Developers with bad habits are prone to bake those habits into the overall application architecture. There are two fronts in the war of protecting your applications. The first front is reactive. It is your code maintainers patching flaws in old code bases. The second front is happening right...

Why Even Google Is Susceptible to the Most Basic Website Vulnerabilities

By John Zorabedian October 19, 2016  | Secure Development
Google vulnerable to insecure code.

This week’s National Cyber Security Awareness Month theme of “recognizing and combating cybercrime” brings up an elementary but crucial point about why our efforts to fight cybercrime seem inadequate for the challenge: it can be really difficult to fix what’s broken even when we know exactly what the problem is. Here’s an example. When a sick patient comes to a...

Veracode’s CISO on the Journey from Compliant to Secure

By Bill Brown October 18, 2016  | Managing AppSec
A CISO's journey from compliant to secure.

As a relatively new CIO with responsibility for information security, I remember agonizing about making sure we could pass the latest compliance test. The whole process was fraught with inefficiencies, with different teams responding with evidence for similar control objectives associated with different control standards. It was death by a thousand controls. It didn’t matter which standard...

Message Encryption Is Great—Depending On Who Has The Key


Corporate execs are understandably worried these days about all of their electronic communications. Whether messages can be intercepted by corporate spies working for the opposition, government investigators snooping for terrorists or cyberthieves looking to steal what they can get, anything that is intercepted can wind up somewhere else. See Edward Snowden. It's therefore quite...

AppSec: From the Breakroom to the Boardroom

By Suzanne Ciccone October 14, 2016  | Intro to AppSec
Appsec should be on the mind of every department.

Application security is an emerging and critical aspect of a security program; however, all AppSec attitudes are not created equal. Unlike other security initiatives, application security affects a lot of different people in your organization – and in different ways. A developer’s attitude toward and concerns about an application security program will not be the same as a member of...

DevOops Redux: A Chat with Chris Gates and Ken Johnson

By Neil DuPaul October 12, 2016  | Security News

This week at OWASP AppSec USA there's a schedule packed with great sessions focusing on devops, shifting left, automation and more. I was lucky enough to get some time out of the busy schedules of Chris Gates (Sr Security Engineer, Uber) and Ken Johnson (CTO, nVisium) to ask them a few questions related to their session at AppSec, DevOops: Redux - a defense oriented follow up to their popular talk...

Five signals that the future is strong for Boston’s Women in Tech


This weekend I was among 21 women recognized as a Rev Boston “Badass” woman in tech. My co-honorees and I are senior leaders in tech who work at landmark institutions (e.g. Boston Children’s Hospital), high-flyer local companies (e.g. Veracode, WayFair, HubSpot, Carbon Black, CarGurus), as well as mid-size and tiny startups (e.g. Toast, Drizly, TetraScience, clypd,...

Has The Media Finally Figured Out The Importance Of App Security?


It certainly has taken long enough, but it seems like non-tech media outlets have figured out that applications make wonderful entry points for cyberthieves. Given the layers of complexity that many enterprise apps feature today, it's hardly surprising that they boast massive security holes. That message seems to be finally sinking in. Consider just a few recent media reports, from NBC News...
