Security's Weak Communications Skills Can Undermine Safety

By Evan Schuman September 23, 2016  | Security News
Communication takes effort and time; poor communication will hinder results!

It's hardly a revelation that hardcore security veterans are not at the pinnacle of clear communication. And the more technical the talent, in general, the weaker the communication. For most in IT and almost everyone in corporate outside of IT, this is generally dismissed as a fact of life. But I've recently started to wonder if this isn't a bigger problem and one that can undermine...

Developer vs. Hacker: Two Sides of the Same Coin?

By John Zorabedian September 21, 2016  | Secure Development
How much do hackers and developers have in common?

Years ago, when I started my career as a writer, I became a journalist dedicated to informing people and serving the public interest. Later, I became a writer in a marketing role, dedicated to creating content that informs prospects and serves customers. I call upon the same skills to write blog posts and whitepapers that I once did to write news articles. Likewise, journalists may use their...

Could How A Shopper Types Be The Best Authentication?

By Evan Schuman September 20, 2016  | Security News

It's not what you say, but how you say it. That piece of advice, which has been given to countless politicians and executives over the decades, might be the premise behind an intriguing new approach to biometric authentication. Although to be precise, it's closer to "It's not what you type, but how you type it." The value of any authentication system is based on a balancing act...

Evolution Toward DevSecOps: Failures and Successes

By Joseph Feiman September 13, 2016  | Secure Development

As we outlined in the previous blog post, DevOps is in danger of not being properly secured unless it adopts technologies specifically designed for that purpose. Traditional application security technologies were not designed to work in a DevOps environment. Even from the DevOps name, it is obvious that DevOps-enabling tools should be designed for Development and Operations specialists. And for some...

Why Age Verification Needs To Be A Key Part Of Your Security Strategy

By Evan Schuman September 8, 2016  | Security News
Age verification is an important part of security planning.

Not only is e-commerce being radically changed due to the mobilization of shoppers, but it's disproportionately happening with younger consumers. At the same time, law enforcement and government regulatory attention is being focused on age violations. And yet, the vast majority of companies have age-verification systems that provide almost no legal protections. Consider Facebook's recent age...

Cyber Second Podcast: Cyberwar has a history not just a future

By Jessica Lavery September 6, 2016  | Security News
Learn the history of cyber war.

Cyberwar – the term conjures images of futuristic warriors battling for control of Earth à la the Terminator or the Matrix. But the truth is cyberwar is just as much a part of our national history as it is a potential future crisis. And as the old adage goes, “what has happened before will happen again”. The main difference between the cyberwar of the past and the one of today...

If Security Isn't A Priority For Appdev, What Chance Does A Deployed App Have?

By Evan Schuman September 1, 2016  | Secure Development
Educating developers about secure coding should be built in from the start.

One of the biggest security threats is that enterprise mobile app testing is overwhelmingly focused on functionality and not security. Pen testing of apps to see what data they—or some third-party app it is integrated with—are actually retaining is hardly ever done prior to deployment, if then. Why? It's simply not in the mindset of line-of-business managers. They want/need the...

Introducing Dynamic Vulnerability Rescan: How Security Can Keep Up With the Speed of Development

By Bhavna Sarathy August 29, 2016  | Managing AppSec
Introducing Dynamic Rescanning from Veracode

As an application owner, you have the task of staying abreast of the security issues in critical applications soon to hit production. You need a workflow that allows you to quickly identify that vulnerabilities identified in a full dynamic scan have been addressed by development. You also have to produce a report to the business listing the vulnerabilities that have been addressed and those that...

The Language of AppSec

By Brian Pitta August 26, 2016  | Managing AppSec
Language differences in application security.

Everyone has weird language issues they just can’t get right – mine is ordering at Starbucks. If the store doesn’t have sizes on display that I can awkwardly point to, I end up panicking, ordering a “tall,” and walking away disappointed with my small coffee. Starbucks and I just can’t speak the same language (yes, it’s my fault). This problem of speaking...

Why DevOps Is Not DevSecOps

By Joseph Feiman August 25, 2016  | Intro to AppSec

The IT industry has long welcomed DevSecOps, yet it is still poorly adopted. Gartner tellingly defines its status as: “Trough of Disillusionment.” What is inhibiting adoption? For the answer, look at its definition, and you will sense something odd. It is defined as a set of processes, people, methods, models, policies, culture, recipes, blueprints and templates. This list...
