Doug Bonderud

Doug Bonderud is a freelance writer passionate about the evolution of technology and its impact on companies, stakeholders and end-users alike. Want to know more? Follow Doug on Twitter.
Posts by Doug Bonderud

Third-Party Security Is Defense by Design

March 24, 2015

Third parties are a problem when it comes to cybersecurity. According to IT Business Edge, handling third-party security risk will be a major concern in 2015 — and that's no surprise, since a recent BitSight study found that almost one-third of all retail IT breaches started with a third-party vendor. Since the self-certification of vendor security credentials is no longer a reliable... READ MORE

Application Threat Modeling: The Imagination Gap

March 18, 2015

Cisco's annual security report, as highlighted on RCRWireless, indicates that new IT security threats are emerging. The highlights? "Snowshoe spam," which diffuses attacks over hundreds of IP addresses so as not to attract attention, is on the upswing, along with new web exploit kits such as those aimed at Microsoft Silverlight. In addition, "blended" attacks that exploit... READ MORE

KISS Complex Application Security Good-Bye With These 3 Rules

March 4, 2015

Sure, the KISS rule ("Keep it simple, stupid!") sounds a little harsh, but it's an easy way to remember a universal truth: Processes work best when they aren't overly complicated. One area at risk of overcomplication is application security. This isn't surprising — bugs like Bash and Heartbleed, along with flaws such as the Misfortune Cookie or GHOST, seem to pop up at... READ MORE

How Cross-Functional Teams Can Take Agile to the Next Level

February 17, 2015

Agile isn't enough on its own. While this method of software development offers speed, security and stability, it's not perfect. The problem? It's often tied to ingrained organizational communication structures, which in turn have serious impacts on the way software is designed, tested and rolled out. The solution? Cross-functional teams that go beyond traditional borders. Here's... READ MORE

Don't Bite the Misfortune Cookie: Flaw Reveals IoT Risks

February 12, 2015

The Internet of Things (IoT) promises a host of benefits for companies, but as security experts have been quick to warn, it also brings a great deal of risk. Case in point? "Misfortune Cookie," a flaw discovered by Check Point Software that puts 12 million internet-connected devices in danger. The cookie has already left a bad taste in the mouths of IT professionals — but is it... READ MORE

New iOS Security Flaw: What's Behind the Masque?

February 10, 2015

iOS devices are immune to malware — or at least, that's what Apple would have your enterprise believe. There's some truth to the claim, since malicious actors historically targeted open-source platforms such as Android instead of the closed ecosystems of iPhones and iPads. But as common sense dictates, it was only a matter of time before they found a serious iOS security flaw. Enter... READ MORE

The New SDLC: Test Early, Test Often, Test Everything

February 4, 2015  | Intro to AppSec

It is six times as expensive to fix an app vulnerability in production than to fix one in development, according to a recent Veracode webinar. This shouldn't come as a surprise: developers test for functional and performance bugs early in the in the Software Development Life Cycle (SDLC). So it makes sense that people producing code are doing security testing early, they're testing often... READ MORE

Insurance for Web Application Developers: Plummeting Premiums with Proper Risk Management

January 19, 2015

Insurance isn't exciting. It doesn't generate noteworthy buzz or media interest — and for most companies, insurance policies are signed, stored and then forgotten unless absolutely needed. But emerging IT security threats such as Shellshock and the recurring Backoff malware have prompted significant growth in the cyber insurance market. Insurance for web application developers is... READ MORE

Baked-in Coding Standards Give Rise to Better Apps

January 13, 2015

If software composition analysis is the key ingredient in your application development recipe, coding standards will make it rise. When baked into every step of the agile development process, they give you a leg up on functionality, testing and — perhaps most importantly — security. With too many companies now skipping the standards and trying purely for speed, it's worth... READ MORE

IoT Security: How to Protect Applications on the Edge

January 5, 2015

The Internet-of-Things (IoT) concept has been making the technology rounds for several years. Today, big businesses and small companies are getting on board with the notion that a host of tiny, interconnected devices could pave the way to some kind of low-cost, highly agile Utopia. However, as Dave Lewis of Forbes noted, IoT security should emerge as a critical field as IoT becomes a reality. Yet... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.




contact menu