Apple's Abandonment Of Its Own App Security Deadline Is Bad For So Many Reasons

By Evan Schuman January 16, 2017  | Security News

Here's a great idea for the most effective way to make life easier for cyberthieves, especially those who are focused on ineffective app security. All you have to do is get one of the most powerful brands in computing to publicly declare a security deadline and then have it quietly withdraw that deadline on the eve of it taking effect. For a terrific example of how well this can undermine app...

What’s the Worst That Can Happen? The Cost of a “Wait and See” AppSec Plan

By Suzanne Ciccone January 10, 2017  | Managing AppSec

In a previous blog post, we talked about the cost of a “do nothing” AppSec plan. In that blog post, we pointed out that ignoring application security can be a costly move. Why? Because your chance of a breach is very high, and so is the cost incurred from most breaches. In addition, you could now face regulatory fines by ignoring application security. But a “wait and see”...

The Five Parts of Third-Party Application Security

By Griff James January 5, 2017  | Managing AppSec

Third-party application security assurance is an essential part of a mature IT security program. While it’s true that every company today is a software company, the majority of applications within an enterprise’s application portfolio will be developed by third parties – often as off-the-shelf products. A study by Quocirca found that the average enterprise has roughly 600...

Can You Defend Your AppSec Program? Be Ready to Answer These Questions

By John Zorabedian January 3, 2017  | Managing AppSec

Every AppSec manager needs to work with stakeholders across the organization, from the CISO to development, and departments making their own decisions about buying the software they depend on to do their jobs. If you want to earn buy-in for your AppSec program, you’ll have to be responsive to different concerns for each type of stakeholder. To help you, we offer this list of questions you...

FAQs About the New York DFS Cybersecurity Regulations

By John Zorabedian January 3, 2017  | Security News
New York DFS Cybersecurity Regulations

New York State has passed strict new cybersecurity requirements for financial services companies doing business in New York, and affected organizations will need to prove compliance with the regulations beginning in February 2018. New York Governor Andrew Cuomo said the "first-in-the-nation" cybersecurity regulations are necessary to "guarantee the financial services industry...

Applications Have a New Role in Today’s Digital World: What Are the Security Implications?

By Suzanne Ciccone December 29, 2016  | Intro to AppSec
Role of applications in today's digital world.

In a previous blog post, we explored how software is “eating the world,” and how applications have gone from a nice-to-have to a critical part of running a business. As enterprises are forced to develop and buy more and more software – and at a lightning pace in order to keep up with the competition – what are the security implications? Cyberattackers are increasingly...

Where Pen Testing Belongs in Your Application Security Process

By Suzanne Ciccone December 29, 2016  | Intro to AppSec
What is manual penetration testing?

What Is Manual Penetration Testing?

Manual penetration testing (pen testing) is an application security method in which a human pen tester manually tries to hack into an application to find vulnerabilities. An important component of your overall application security program, this method can identify vulnerabilities that cannot be detected with automation, such as business logic flaws. Its...

Application Security? But I Have a WAF!

By Tim Jarrett December 28, 2016  | Intro to AppSec
Firewalls don't catch everything.

It seems so tempting. Solve your application security problem by throwing an appliance at it. After all, if web applications are the most common form of attack, why not just protect them the same way you protect your network and email servers, and be done with it? Why should you spend time hunting down vulnerabilities in your code and figuring out how to fix them? The “appliance throwing...

Surviving a Password Policy Perfect Storm

By Andrew Hamilton December 27, 2016  | Intro to AppSec

As a security consultant, I see examples all the time of applications that don’t implement defense-in-depth to reduce the risk of account compromises. One area where this is especially problematic is password policy. Password policies can contribute to a strong application security strategy, or create a false sense of security while leaving user data and applications open to attack. Weak...

Top Takeaways From Veracode’s Developer Survey

By John Zorabedian December 21, 2016  | Secure Development

We recently conducted a survey of developers and development managers to find out what’s on their minds and how their concerns compare to those of application security teams. The results contain some surprises. What’s not surprising is that development teams are feeling pressured to meet productivity goals, while still meeting requirements for quality and stability. Add to that the...
