Securing DevOps: Enough With the Cynicism

jlavery's picture
By Jessica Lavery January 23, 2017  | Secure Development
Cynicism about devops is popular initially.

If an industry continuously talks about how a trend is going to be a hurdle, it becomes a hurdle. Conversely, if an industry views the trend as an opportunity and talks about it in such terms, thinking shifts toward the potential this trend brings for improvement. We are seeing this phenomenon with DevOps, but not in a good way. Security professionals are talking about the hurdles of securing... READ MORE

The Importance of Application Security: A Few of the Benefits and Risks

mfrancis's picture
By Melissa Francis January 19, 2017  | Intro to AppSec
Benefits versus risks of application security programs.

Application security is no longer optional; it has become an absolute necessity. With an increasing number of companies welcoming the idea of developing their own apps, in addition to purchasing record numbers of apps and incorporating open source code into their apps, the risks and vulnerabilities associated have also risen manifold. I’ve worked as a Security Program Manager at Veracode... READ MORE

Apple's Abandonment Of Its Own App Security Deadline Is Bad For So Many Reasons

eschuman's picture
By Evan Schuman January 16, 2017  | Security News

Have a great idea for the most effective way to make life easier for cyberthieves, especially those who are focused on ineffective app security. All you have to do is get one of the most powerful brands in computing to publicly declare a security deadline and then have it quietly withdraw that deadline on the eve of it being effective. For a terrific example of well this can undermine app... READ MORE

What’s the Worst That Can Happen? The Cost of a “Wait and See” AppSec Plan

sciccone's picture
By Suzanne Ciccone January 10, 2017  | Managing AppSec

In a previous blog post, we talked about the cost of a “do nothing” AppSec plan. In that blog post, we pointed out that ignoring application security can be a costly move. Why? Because your chance of a breach is very high, and so is the cost incurred from most breaches. In addition, you could now face regulatory fines by ignoring application security. But a “wait and see”... READ MORE

The Five Parts of Third-Party Application Security

gjames's picture
By Griff James January 5, 2017  | Managing AppSec

Third-party application security assurance is an essential part of a mature IT security program. While it’s true that every company today is a software company, the majority of applications within an enterprise’s application portfolio will be developed by third parties – often as off-the-shelf products.  A study by Quocirca found that the average enterprise has roughly 600... READ MORE

Can You Defend Your AppSec Program? Be Ready to Answer These Questions

jzorabedian's picture
By John Zorabedian January 3, 2017  | Managing AppSec

Every AppSec manager needs to work with stakeholders across the organization, from the CISO to development, and departments making their own decisions about buying the software they depend on to do their jobs. If you want to earn buy-in for your AppSec program, you’ll have to be responsive to different concerns for each type of stakeholder. To help you, we offer this list of questions you... READ MORE

FAQs About the New York DFS Cybersecurity Regulation

jzorabedian's picture
By John Zorabedian January 3, 2017  | Security News
New York DFS Cybersecurity Regulation

A new cybersecurity regulatory regime will go into effect this year in New York – the world’s financial capital and home to many banking, insurance and financial services organizations. The proposed cybersecurity regulation, known as 23 NYCRR 500, has grabbed the attention of impacted companies doing business in New York, and others who might be anticipating cybersecurity... READ MORE

Applications Have a New Role in Today’s Digital World: What Are the Security Implications?

sciccone's picture
By Suzanne Ciccone December 29, 2016  | Intro to AppSec
Role of applications in today's digital world.

In a previous blog post, we explored how software is “eating the world,” and how applications have gone from a nice-to-have to a critical part of running a business. As enterprises are forced to develop and buy more and more software – and at a lightning pace in order to keep up with the competition – what are the security implications? Cyberattackers are increasingly... READ MORE

Where Pen Testing Belongs in Your Application Security Process

sciccone's picture
By Suzanne Ciccone December 29, 2016  | Intro to AppSec
What is manual penetration testing?

What Is Manual Penetration Testing? Manual penetration testing (pen testing) is an application security method in which a human pen tester manually tries to hack into an application to find vulnerabilities. An important component of your overall application security program, this method can identify vulnerabilities that cannot be detected with automation, such as business logic flaws. Its... READ MORE

Application Security? But I Have a WAF!

TJarrett's picture
By Tim Jarrett December 28, 2016  | Intro to AppSec
Firewalls don't catch everything.

It seems so tempting. Solve your application security problem by throwing an appliance at it. After all, if web applications are the most common form of attack, why not just protect them the same way you protect your network and email servers, and be done with it? Why should you spend time hunting down vulnerabilities in your code and figuring out how to fix them? The “appliance throwing... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu