Sure, the KISS rule ("Keep it simple, stupid!") sounds a little harsh, but it's an easy way to remember a universal truth: Processes work best when they aren't overly complicated. One area at risk of overcomplication is application security. This isn't surprising — bugs like Bash and Heartbleed, along with flaws such as the Misfortune Cookie or GHOST, seem to pop up at… READ MORE
Stay up to date on Application Security
- How Cross-Functional Teams Can Take Agile to the Next Level | February 17, 2015
Agile isn't enough on its own. While this method of software development offers speed, security and stability, it's not perfect. The problem? It's often tied to ingrained organizational communication structures, which in turn have serious impacts on the way software is designed, tested and rolled out. The solution? Cross-functional teams that go beyond traditional borders. Here's… READ MORE
- Don't Bite the Misfortune Cookie: Flaw Reveals IoT Risks | February 12, 2015
The Internet of Things (IoT) promises a host of benefits for companies, but as security experts have been quick to warn, it also brings a great deal of risk. Case in point? "Misfortune Cookie," a flaw discovered by Check Point Software that puts 12 million internet-connected devices in danger. The cookie has already left a bad taste in the mouths of IT professionals — but is it… READ MORE
- New iOS Security Flaw: What's Behind the Masque? | February 10, 2015
iOS devices are immune to malware — or at least, that's what Apple would have your enterprise believe. There's some truth to the claim, since malicious actors historically targeted open-source platforms such as Android instead of the closed ecosystems of iPhones and iPads. But as common sense dictates, it was only a matter of time before they found a serious iOS security flaw. Enter… READ MORE
- The New SDLC: Test Early, Test Often, Test Everything | February 4, 2015 | Intro to AppSec
It is six times as expensive to fix an app vulnerability in production as to fix one in development, according to a recent Veracode webinar. This shouldn't come as a surprise: developers test for functional and performance bugs early in the Software Development Life Cycle (SDLC). So it makes sense that people producing code are doing security testing early, they're testing often… READ MORE
- Insurance for Web Application Developers: Plummeting Premiums with Proper Risk Management | January 19, 2015
Insurance isn't exciting. It doesn't generate noteworthy buzz or media interest — and for most companies, insurance policies are signed, stored and then forgotten unless absolutely needed. But emerging IT security threats such as Shellshock and the recurring Backoff malware have prompted significant growth in the cyber insurance market. Insurance for web application developers is one unique area… READ MORE
- Baked-in Coding Standards Give Rise to Better Apps | January 13, 2015
If software composition analysis is the key ingredient in your application development recipe, coding standards will make it rise. When baked into every step of the agile development process, they give you a leg up on functionality, testing and — perhaps most importantly — security. With too many companies now skipping the standards and trying purely for speed, it's worth… READ MORE
- IoT Security: How to Protect Applications on the Edge | January 5, 2015
The Internet-of-Things (IoT) concept has been making the technology rounds for several years. Today, big businesses and small companies are getting on board with the notion that a host of tiny, interconnected devices could pave the way to some kind of low-cost, highly agile Utopia. However, as Dave Lewis of Forbes noted, IoT security should emerge as a critical field as IoT becomes a reality. Yet… READ MORE
- Medical Device Cybersecurity: One-off or Overall Strategy? | December 17, 2014
According to recent data from MarketsandMarkets, the market for portable medical devices will be worth $20 billion by 2018. One key factor in this growth is the "availability of a wide range of medical software applications" that allows manufacturers and health agencies to custom-design medical devices to meet specific needs. The US Food and Drug Administration (FDA), meanwhile, has… READ MORE
- Fire in the Sky: Shellshock Ignites the Security Debate | December 15, 2014
In late September, Shellshock exploded, becoming the internet's newest "big problem." Stemming from a flaw in Bash — the default shell for OS X and Linux, and often installed on Windows-based devices as well — the vulnerability caused a wave of panic, exploits and, subsequently, patches to fix this 25-year-old problem. But this is just the latest in a series of threats… READ MORE