Doug Bonderud

Doug Bonderud is a freelance writer passionate about the evolution of technology and its impact on companies, stakeholders and end-users alike. Want to know more? Follow Doug on Twitter.

Posts by Doug Bonderud
  • How AppSec Fits into an Information Security Program

    Want a better information security program? Most companies do and are willing to spend big money on safeguarding critical systems. As noted by Infosecurity Magazine, Allied Market Research predicts huge growth in the hardware encryption market, with a CAGR of more than 50 percent and a net value of almost $300 billion by 2020. But locking down data at rest and in transit is only one step on the… READ MORE

  • For CISO Evolution, the Three Cs Are Key

    Data breaches are on the rise. According to a recent Forbes article, more than 675 million records were compromised last year. What's more, these breaches weren't limited to a single sector: retail, financial and even post-secondary institutions were all victimized. That means IT security must evolve, and that evolution starts with the Chief Information Security Officer (CISO). In a new Dark… READ MORE

  • Vendor Management: 5 Best Practices for Secure Applications

    Third-party software can be problematic. Just ask American Airlines, which recently experienced an issue with its iPad-based electronic flight bags. A misconfiguration in third-party mapping software caused the devices to crash when pilots tried to access a specific map, in turn delaying flights and frustrating crew members. Thankfully, the issue wasn't malicious, but it does highlight the need… READ MORE

  • Application Threat Modeling: The Imagination Gap

    Cisco's annual security report, as highlighted on RCRWireless, indicates that new IT security threats are emerging. The highlights? "Snowshoe spam," which diffuses attacks over hundreds of IP addresses so as not to attract attention, is on the upswing, along with new web exploit kits such as those aimed at Microsoft Silverlight. In addition, "blended" attacks that exploit JavaScript and Flash… READ MORE

  • The New SDLC: Test Early, Test Often, Test Everything

    It is six times as expensive to fix an app vulnerability in production as to fix one in development, according to a recent Veracode webinar. This shouldn't come as a surprise: developers test for functional and performance bugs early in the Software Development Life Cycle (SDLC). So it makes sense that people producing code are doing security testing early, they're testing often — and… READ MORE

  • Baked-in Coding Standards Give Rise to Better Apps

    If software composition analysis is the key ingredient in your application development recipe, coding standards will make it rise. When baked into every step of the agile development process, they give you a leg up on functionality, testing and — perhaps most importantly — security. With too many companies now skipping the standards and trying purely for speed, it's worth revisiting why code… READ MORE
