Surviving a Password Policy Perfect Storm

By Andrew Hamilton December 27, 2016  | Intro to AppSec

As a security consultant, I see examples all the time of applications that don’t implement defense-in-depth to reduce the risk of account compromises. One area where this is especially problematic is password policy. Password policies can contribute to a strong application security strategy, or create a false sense of security while leaving user data and applications open to attack. Weak...

Top Takeaways From Veracode’s Developer Survey

By John Zorabedian December 21, 2016  | Secure Development

We recently conducted a survey of developers and development managers to find out what’s on their minds and how their concerns compare to those of application security teams. The results contain some surprises. What’s not surprising is that development teams are feeling pressured to meet productivity goals, while still meeting requirements for quality and stability. Add to that the...

The Future of AppSec is DevSecOps

By Jessica Lavery December 19, 2016  | Secure Development
What's next for application security in 2017?

With 2016 coming to an end, we, like many companies, are reflecting on the trends of the past year. We are also looking outward to what the future holds for application security, and it has never been clearer that the future of application security will be tied to DevOps and integrating security into DevOps environments. As such, it is crucial that security becomes part of the entire software...

What's the Worst That Can Happen? The Cost of a "Do Nothing" AppSec Plan

By Suzanne Ciccone December 19, 2016  | Intro to AppSec

Do you think you don’t need application security? Maybe you think application security is too complex, or too expensive. Maybe you think, we haven’t been breached yet, what are the chances? And even if someone tries, we have a WAF. It might seem more cost-effective to simply “do nothing” rather than invest in application security. But you should be aware that there is...

You’re Invited: A DevOps Dinner Party

By Katie Campbell December 16, 2016  | Secure Development

With the holidays quickly approaching, I can’t help but think about all of the dinner parties just around the corner and the many hours of “forced family fun” as we like to call it in our house. Don’t get me wrong, I love all the dishes that get whipped up by my family members, but with that comes the fact that you need to sit around the dinner table … for hours...

App Security Deserves Far More IT Respect

By Evan Schuman December 15, 2016  | Security News

App Security today is the Rodney Dangerfield of IT security. Everyone knows about it, but it gets no respect. Isn't it obvious that because apps are granted greater data-sharing with other apps and the ability to update itself—directly to the mothership—without IT signoff, that perhaps this should soar to the top of the danger list? Apparently not. Consider just a few examples...

Airbags and AppSec: Changing the Mindset on Software Security

By Chris Wysopal December 13, 2016  | Managing AppSec
Seat belts and appsec: will software security ever become a requirement?

In the early 1960s, cars were unsafe. And the car industry’s attitude was: cars are just unsafe, and that’s the risk you take. But then the public started calling attention to the issue (with some help from Ralph Nader), refusing to simply accept that risk, and things started changing. Regulations emerged, car manufacturers started building security in, and we now have seatbelts,...

Holiday Short-Duration Sites Deliver Long-Duration Headaches

By Evan Schuman December 12, 2016  | Security News
Seasonal marketing websites are long-term security risks if not properly inventoried!

The holiday season is now upon us, which means retail pop-up stores and seasonal sites. Those are all good for merchants, good for gift-seeking shoppers and potentially very good news for cyberthieves hoping for vulnerable sites that can fuel fraud. Why, you might ask, would a retailer with robust anti-fraud and other security measures forego those efforts for a seasonal site? First, they do and...

Developers' Holiday Wish List: Make Yourself More Popular Than Santa

By Amanda McGuinness December 8, 2016  | Managing AppSec
Developer gifts from security

With the holidays fast approaching, you are probably starting to think about what gifts to get for your family, friends and colleagues. This can be a daunting task – especially if the only answer you get to gift queries is "Oh I don't really want anything" or "You don’t have to get me anything!" - even though they really do. (P.S., you’re all getting candles...

Where Does Our AppSec Program Go From Here? Ask Yourself These Questions

By Suzanne Ciccone December 7, 2016  | Managing AppSec
How to improve your appsec program.

If you’ve just begun an application security program, but aren’t sure where to go next, here are a few questions to help point you in the right direction. Are you using more than one type of assessment technique? If not, how certain are you that your one method is locating every type of vulnerability? There is no application security silver bullet. If you’re only testing with...
