Evan Wade is a professional freelance writer, author, and editor from Indianapolis. His time as a sales consultant with AT&T, combined with his current work as a tech reporter, gives him unique insight into the world of mobile/Web security and the steps needed to properly secure software products. Follow him on Twitter.
You don't need to be an expert to know that hacks, attacks and other digital security breaches are never a good thing. But one industry's annoyance is another industry's nightmare — and if you've read Veracode's "State of Software Security Report, Volume 6," then you know that most common security vulnerabilities are more frequent in some industries than others. Here's a brief look at the top 10…
In some ways, all injection attacks are the same. The hacker puts code in some form of user input field, attempting to trick the machines on the other end into granting information or access they shouldn't. If successful, the hacker then uses these ill-gotten gains to carry out damaging attacks like information theft, browser/session hijacking, site defacement, and so on. But the devil is in the…
- The Scalability Challenge, Part Four: Security Regulations, Scaling and Automation | September 2, 2015 | Managing AppSec
If you've read the existing pieces in Veracode's "Addressing the Scalability Challenge" series (a collection of blog posts spurred by a whitepaper of the same title), then you know that scaling your security efforts can be a challenge. The threatscape businesses face is larger than ever, and it only grows (read: scales) as organizations find new and exciting ways to implement technology into…
There's a reason DevOps culture values effective communication and collaboration so highly. In an industry where distributed offices full of crucial roles are the norm — and one where even departments within the same buildings tend to distrust one another — any improvement in the way people interact is bound to have some positive results, especially when so many moving parts need to work together…
In some ways, dealing with problems caused by insecure third-party code is harder than resolving internal development issues. By default, you have less direct control over a vendor's actions when a security issue is discovered, making it difficult to ensure that the issue is remediated. There are additional enterprise-vendor relationships to navigate -- sales teams, vendor executives, procurement…
The fact that communication is a vital aspect of successful third-party relationships is obvious. ("You mean to tell me I have to talk to the companies producing my code? Jeez, next you'll say I have to give them money or something!") That said, simple statements can hold a lot of meaning, and woe be unto companies that don't do a good job communicating in all the forms that interactions with…
Not even the best fence in the world is secure if you leave a gate hanging open. In a lot of ways, that basic idea sums up why most security vulnerabilities start with perpetrators finding relatively small security oversights. Attackers prefer the path of least resistance, and getting a proverbial foot (or even just a toe) in the door can allow them to leapfrog toward things they never would've…
"Agile" does not have to mean "insecure." Development is a game of trade-offs, and speed often means sloppiness no matter what kind of project you're working on. But keeping secure development practices on lockdown from day one doesn't have to vanish with the waterfall. Take a look at Microsoft. While its "switch" has been more of a gradual scoot and may not necessitate a wholesale change, there'…
Quickly bringing product to market tends to require more tools, skills and chunks of code than a single development location can offer. That basic fact can put secure development policy management somewhere between rocket science and the black arts on the difficulty scale — and as a company expands, it only gets harder. Whipping those external offices into shape from a security standpoint is…
Typically, the goal of continuous security monitoring is to ensure that applications remain in compliance with your security policies -- even through expansions, upgrades and patches. Committing to continuous security monitoring practices almost always means making changes as an organization. While those changes don't have to be difficult, they can certainly look that way from the front lines,…