The Future of AppSec is DevSecOps

By Jessica Lavery December 19, 2016  | Secure Development
What's next for application security in 2017?

With 2016 coming to an end, we, like many companies, are reflecting on the trends of the past year. We are also looking outward to what the future holds for application security, and it has never been clearer that the future of application security will be tied to DevOps and integrating security into DevOps environments. As such, it is crucial that security becomes part of the entire software... READ MORE

What's the Worst That Can Happen? The Cost of a "Do Nothing" AppSec Plan

By Suzanne Ciccone December 19, 2016  | Intro to AppSec

Do you think you don’t need application security? Maybe you think application security is too complex, or too expensive. Maybe you think, we haven’t been breached yet, what are the chances? And even if someone tries, we have a WAF. It might seem more cost-effective to simply “do nothing” rather than invest in application security. But you should be aware that there is... READ MORE

You’re Invited: A DevOps Dinner Party

By Katie Campbell December 16, 2016  | Secure Development

With the holidays quickly approaching, I can’t help but think about all of the dinner parties just around the corner and the many hours of “forced family fun” as we like to call it in our house. Don’t get me wrong, I love all the dishes that get whipped up by my family members, but with that comes the fact that you need to sit around the dinner table … for hours... READ MORE

App Security Deserves Far More IT Respect

By Evan Schuman December 15, 2016  | Security News

App Security today is the Rodney Dangerfield of IT security. Everyone knows about it, but it gets no respect. Isn't it obvious that because apps are granted greater data-sharing with other apps and the ability to update themselves—directly to the mothership—without IT signoff, that perhaps this should soar to the top of the danger list? Apparently not. Consider just a few examples... READ MORE

Airbags and AppSec: Changing the Mindset on Software Security

By Chris Wysopal December 13, 2016  | Managing AppSec
Seat belts and appsec, will software security ever become a requirement?

In the early 1960s, cars were unsafe. And the car industry’s attitude was: cars are just unsafe, and that’s the risk you take. But then the public started calling attention to the issue (with some help from Ralph Nader), refusing to simply accept that risk, and things started changing. Regulations emerged, car manufacturers started building security in, and we now have seatbelts,... READ MORE

Holiday Short-Duration Sites Deliver Long-Duration Headaches

By Evan Schuman December 12, 2016  | Security News
Seasonal marketing websites are long term security risks if not properly inventoried!

The holiday season is now upon us, which means retail pop-up stores and seasonal sites. Those are all good for merchants, good for gift-seeking shoppers and potentially very good news for cyberthieves hoping for vulnerable sites that can fuel fraud. Why, you might ask, would a retailer with robust anti-fraud and other security measures forego those efforts for a seasonal site? First, they do and... READ MORE

Developers' Holiday Wish List: Make Yourself More Popular Than Santa

By Amanda McGuinness December 8, 2016  | Managing AppSec
Developer gifts from security

With the holidays fast approaching, you are probably starting to think about what gifts to get for your family, friends and colleagues. This can be a daunting task – especially if the only answer you get to gift queries is "Oh I don't really want anything" or "You don’t have to get me anything!" - even though they really do. (P.S., you’re all getting candles... READ MORE

Where Does Our AppSec Program Go From Here? Ask Yourself These Questions

By Suzanne Ciccone December 7, 2016  | Managing AppSec
How to improve your appsec program.

If you’ve just begun an application security program, but aren’t sure where to go next, here are a few questions to help point you in the right direction. Are you using more than one type of assessment technique? If not, how certain are you that your one method is locating every type of vulnerability? There is no application security silver bullet. If you’re only testing with... READ MORE

Application Security Predictions for 2017 and Beyond

By Joseph Feiman December 6, 2016  | Managing AppSec
Application Security Predictions 2017

As 2016 winds down, I’ve been reflecting on how far the application security market has come over the past 12 years I’ve been involved in the industry. We’ve come a long way. But as technology continues to evolve, so will application security. The growing trend of continuous development, increasing use of third-party and open-source components, and the surging number of... READ MORE

Is Your Dynamic Scanning Context Aware?

By Joe Pelletier December 6, 2016  | Managing AppSec
Dynamic analysis, context aware scanning.

When it comes to dynamic scanning, speed and accuracy are critical factors. Developers and security teams have no time for false positives, especially in a world where the time between releases is increasingly compressed. Yet a common vulnerability found by dynamic scanners is Cross-Site Scripting (XSS), and these vulnerabilities are often either false positive or missed due to poor coverage. In... READ MORE
