Regulations like FS-ISAC and PCI are now looking at the security of open source components, are you ready?

By Tim Jarrett November 29, 2016  | Managing AppSec
Regulations that will look at the security of open source components

For years, organizations have “checked the box” by doing the minimum to meet security standards like PCI and FS-ISAC, but a rising tide of breaches has caused most auditors to look more seriously at organizations’ security practices, including the security of open source components. Do your developers use open source components? Are you prepared to answer regulators about their...

Building Your Application Security Program: The People Problem

By Suzanne Ciccone November 28, 2016  | Intro to AppSec

As applications play an increasingly important role in business operations, your application landscape also gets increasingly complex. And it’s not going to get simpler anytime soon. The nature of the data applications manage means application security has become critical, but the nature of the application landscape means application security requires more than just implementing a tool....

A Single AppSec Technology Is Not Enough

By Suzanne Ciccone November 25, 2016  | Managing AppSec
Best appsec solution requires multiple assessment types.

There is no application security silver bullet; if you’re relying on only one technology, you are leaving your organization open to attack. Over the past 10 years, we have scanned 2 trillion-plus lines of code, and we consistently see that different testing types are better at uncovering different vulnerabilities, and that one testing type is not enough. Our most recent State of Software...

Podcast: Critical Infrastructure with Dick Clarke

By Neil DuPaul November 22, 2016  | Security News
Critical infrastructure cybersecurity measures.

How do you convince companies and nation states to protect against attacks that haven't happened yet? That's the sort of question we ponder today in our latest podcast with Richard Clarke, Veracode Board Member and former National Coordinator for Security, Infrastructure Protection and Counter-terrorism for the United States. Richard walks us through how he thinks about convincing...

SQL Injection Attacks and How to Prevent Them [INFOGRAPHIC]

By John Zorabedian November 22, 2016  | Intro to AppSec
How to detect and prevent SQL injection.

People like novelty, and why not? The same old stuff gets boring. In the security world, it's understandable that newly discovered application vulnerabilities get a lot of attention. But it's the most common vulnerabilities we should really be worried about. One of the main culprits in data breaches, including some of the most high-profile attacks of the past year, is SQL injection....

Your Secure Coding Partner: Introducing Veracode AppSec Tutorials

By Tyler White November 22, 2016  | Secure Development
Using Developer Pairing to Improve Productivity

The driver races ahead, attempting to stay on track as his speed is slowly increasing. Right beside him the navigator sits, guiding the driver’s efforts through his treacherous endeavor. They are both striving to keep pace with the other, as the intensity is ramping up. Everything is about to spin out of control. Then the alarm goes off, and the driver backs away from the keyboard to now...

What’s Your No. 1 AppSec Concern? Here’s What Our Survey Respondents Say

By Suzanne Ciccone November 18, 2016  | Managing AppSec
AppSec Survey Results

We recently surveyed 308 security professionals in the US and UK tasked with application security to find out their top AppSec concerns, stumbling blocks and tactics. Their biggest AppSec concern? Overwhelmingly, it was reducing the risk of attacks while building, buying and integrating more software than ever. A majority (58 percent) of survey respondents cited this as a concern. Across regions...

Scoping for Risk Assessment

By Mitch Horton November 17, 2016  | Managing AppSec
How to scope risk in an appsec program.

Identifying the scope of Risk for an Application Security Program is not as difficult a task as it seems. Risk Strategies for network, server and desktop environments exist in almost every company, and working with the compliance group is a great starting point. If you do not have the assistance of a compliance group, then there are some great resources out there, at Veracode the Security...

Risk Assessment – Starting the Conversation

By Mitch Horton November 16, 2016  | Managing AppSec
Risk assessments for application security

The subject of Risk is an old topic in Program and Project Management circles; identifying risks and developing strategies is the vision of success or the apparition of failure. There are thousands of floors of compliance personnel developing Risk Strategies around the world, multiples of those floors for single companies! The benefits of developing a working Risk Strategy in Application...

How Safe Is It Letting Google And Apple Be Your App Security Team?

By Evan Schuman November 10, 2016  | Security News

Malware threats are ever-present in mobile and this needs to be a top concern for IT execs, as they continue to issue millions of mobile devices to enterprise workers daily. An interesting piece ran in late October at TechTarget examining the protections—or lack of same—that exist for Android apps. It was a legitimate exploration of the issue and it noted that protections are much...
