Suzanne Ciccone

Suzanne is part of the content team at Veracode, working to create resources that shed light on AppSec problems and solutions. 
Posts by Suzanne Ciccone

Podcast: Making Sense of the New York DFS Cybersecurity Regulations

January 28, 2017  | Security News

View our new guide for continued learning: Navigating the New York Department of Financial Services' Cybersecurity Regulations The New York Department of Financial Services recently issued proposed regulations for cybersecurity that seek to standardize the way that financial services institutions protect information systems and the business and personal information they manage. Organizations... READ MORE

Podcast: Challenges of the Digital Economy

January 26, 2017  | Security News

The digital innovations used by companies are making it easier for companies to improve their productivity. They also remove barriers for startups to enter new markets and make our everyday lives easier. However, the digital economy comes with challenges and risks. During this installment of Veracode’s AppSec in Review Podcast, Brian Fitzgerald, CMO at Veracode discusses the challenges... READ MORE

What’s the Worst That Can Happen? The Cost of a “Wait and See” AppSec Plan

January 10, 2017  | Managing AppSec

In a previous blog post, we talked about the cost of a “do nothing” AppSec plan. In that blog post, we pointed out that ignoring application security can be a costly move. Why? Because your chance of a breach is very high, and so is the cost incurred from most breaches. In addition, you could now face regulatory fines by ignoring application security. But a “wait and see”... READ MORE

Where Pen Testing Belongs in Your Application Security Process

December 29, 2016  | Intro to AppSec

What Is Manual Penetration Testing? Manual penetration testing (pen testing) is an application security method in which a human pen tester manually tries to hack into an application to find vulnerabilities. An important component of your overall application security program, this method can identify vulnerabilities that cannot be detected with automation, such as business logic flaws. Its... READ MORE

Applications Have a New Role in Today’s Digital World: What Are the Security Implications?

December 29, 2016  | Intro to AppSec

In a previous blog post, we explored how software is “eating the world,” and how applications have gone from a nice-to-have to a critical part of running a business. As enterprises are forced to develop and buy more and more software – and at a lightning pace in order to keep up with the competition – what are the security implications? Cyberattackers are increasingly... READ MORE

What's the Worst That Can Happen? The Cost of a "Do Nothing" AppSec Plan

December 19, 2016  | Intro to AppSec

Do you think you don’t need application security? Maybe you think application security is too complex, or too expensive. Maybe you think, we haven’t been breached yet, what are the chances? And even if someone tries, we have a WAF. It might seem more cost-effective to simply “do nothing” rather than invest in application security. But you should be aware that there is... READ MORE

Where Does Our AppSec Program Go From Here? Ask Yourself These Questions

December 7, 2016  | Managing AppSec

If you’ve just begun an application security program, but aren’t sure where to go next, here are a few questions to help point you in the right direction. Are you using more than one type of assessment technique? If not, how certain are you that your one method is locating every type of vulnerability? There is no application security silver bullet. If you’re only testing with... READ MORE

How Are You Approaching AppSec? Here’s What Your Peers Are Doing … or Not Doing

December 5, 2016  | Managing AppSec

We recently surveyed 308 security professionals responsible for application security (AppSec) to find out the struggles they’re facing and the tactics they’re employing in securing their application layer. In analyzing the responses, we found that what the respondents are not doing regarding application security is often more revealing than what they are doing. The bottom line is that... READ MORE

The Role of Applications in Today’s Digital World

December 1, 2016  | Intro to AppSec

Five years ago, Marc Andreessen famously stated that “software is eating the world,” and it has and is in ways that he probably couldn’t have imagined even five years ago. Applications are no longer a nice-to-have. They play a central role in how and why businesses operate, and companies are producing them in unprecedented numbers. In fact, a typical $500 million-plus enterprise... READ MORE

Building Your Application Security Program: The People Problem

November 28, 2016  | Intro to AppSec

As applications play an increasingly important role in business operations, your application landscape also gets increasingly complex. And it’s not going to get simpler anytime soon. The nature of the data applications manage means application security has become critical, but the nature of the application landscape means application security requires more than just implementing a tool.... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu