Originally an embedded systems developer working on military-grade secure communications systems in South Africa, Colin has over 20 years of development and security expertise in the telecommunications, consumer, medical and financial service industries. His most recent experience has been as the technical expert leading a large-scale application security programme in a large multinational investment bank. He was responsible for deploying and operating the Veracode service, leading the remediation programme, and deploying a RASP solution within the organisation.
- Will Websites Be the Next Target of Ransomware Attacks? (September 28, 2017 | Managing AppSec)
Recent research by Wordfence indicates that WordPress might be the next big ransomware target. Wordfence found that certain WordPress plugins exhibit malicious behaviour in the form of ransomware against the host website. Typically, these plugins will encrypt the data on the website, thereby rendering it non-functional, and then attempt to extort payment from the owner in order to decrypt the… READ MORE
- Security: Make a Commitment to Working With Development
The days of security and development working side by side in separate silos are over. With the DevOps-induced security “shift left,” security testing now falls in the realm of the developer, and leaves security in more of an enabling, rather than enforcing, role. And this new role requires a new understanding of developer priorities and processes. The security function cannot be effective in a… READ MORE
In a previous blog post, I discussed the differing perspectives security and development teams have about the use of open source components. Taking these perspectives into account, what is the best way to enable the use of open source components in your organization? Forbidding their use entirely is not a viable option and, in fact, would be detrimental to both developers and the organization as… READ MORE
- Development and Security Have Different Perspectives on Open Source Components (May 9, 2017 | Managing AppSec)
Open source components are a blessing and a curse. From a developer’s perspective, they’re a no-cost way to speed the development process. But they can be a curse security-wise. Many open source components contain vulnerabilities that put the organization at risk of getting breached and failing compliance audits. In fact, recent Veracode research looked at all the Java applications we scanned in… READ MORE
- Lessons Learned Building an Application Security Team (March 14, 2017 | Managing AppSec)
In 2012, I joined a large investment bank in London to start and grow its application security programme from the ground up. My initial focus was on the selection of the best tool for the job; namely, a static code analysis scanner that could be deployed easily, and scale widely. Within a few months, I had access to the Veracode Application Security Platform, and I was ready to start scanning my… READ MORE
- A Few of My Lessons Learned Building an AppSec Program (March 13, 2017 | Managing AppSec)
I recently joined Veracode after spending five years building an application security program from the ground up at a global investment bank. This experience gives me a unique perspective on the struggles and hurdles our customers are facing, and puts me in a position to share my lessons learned and provide helpful information and advice for those starting or managing a growing application… READ MORE
- How to Run a Successful Proof of Value for an Application Security Programme (March 1, 2017 | Managing AppSec)
So you’ve got upper management buy-in for your application security proof of value and are ready to start scanning applications: how do you make sure your proof of value (PoV) is a success and that you demonstrate the need to progress to a full-scale program? This article describes some of the lessons learned at the start of our large-scale deployment of Veracode within our organisation.… READ MORE