Suzanne Ciccone

Suzanne is part of the content team at CA Veracode, working to create resources that shed light on AppSec problems and solutions. 
Posts by Suzanne Ciccone

How important is it to stay on top of the quickly evolving landscape of application security and application layer risk?

February 9, 2017  | Managing AppSec

In a word, very. You simply cannot secure your application layer without being one step ahead of application security threats and solutions. The problem is that it’s almost impossible to keep up in the face of the current security skills shortage. In a report titled, “Hackers Wanted: An Examination of the Cybersecurity Labor Market,” the RAND Corporation states that: “It... READ MORE

Podcast: What We Expect to See at RSA 2017

February 7, 2017  | Security News

The annual RSA Conference is one of the biggest security industry events of the year and, as such, is often a “canary in the coalmine” – signaling the trends, themes and future direction of the security industry. In Episode 2 of CA Veracode’s AppSec in Review podcast, Brian Fitzgerald, CA Veracode Chief Marketing Officer, talks to Evan Schuman about what those emerging 2017 trends and themes... READ MORE

Podcast: Making Sense of the New York DFS Cybersecurity Regulations

January 28, 2017  | Security News

View our new guide for continued learning: Navigating the New York Department of Financial Services' Cybersecurity Regulations The New York Department of Financial Services recently issued proposed regulations for cybersecurity that seek to standardize the way that financial services institutions protect information systems and the business and personal information they manage. Organizations... READ MORE

Podcast: Challenges of the Digital Economy

January 26, 2017  | Security News

The digital innovations used by companies are making it easier for companies to improve their productivity. They also remove barriers for startups to enter new markets and make our everyday lives easier. However, the digital economy comes with challenges and risks. During this installment of CA Veracode’s AppSec in Review Podcast, Brian Fitzgerald, CMO at CA Veracode discusses the... READ MORE

What’s the Worst That Can Happen? The Cost of a “Wait and See” AppSec Plan

January 10, 2017  | Managing AppSec

In a previous blog post, we talked about the cost of a “do nothing” AppSec plan. In that blog post, we pointed out that ignoring application security can be a costly move. Why? Because your chance of a breach is very high, and so is the cost incurred from most breaches. In addition, you could now face regulatory fines by ignoring application security. But a “wait and see” AppSec plan is also a... READ MORE

Where Pen Testing Belongs in Your Application Security Process

December 29, 2016  | Intro to AppSec

What Is Manual Penetration Testing? Manual penetration testing (pen testing) is an application security method in which a human pen tester manually tries to hack into an application to find vulnerabilities. An important component of your overall application security program, this method can identify vulnerabilities that cannot be detected with automation, such as business logic flaws. Its... READ MORE

Applications Have a New Role in Today’s Digital World: What Are the Security Implications?

December 29, 2016  | Intro to AppSec

In a previous blog post, we explored how software is “eating the world,” and how applications have gone from a nice-to-have to a critical part of running a business. As enterprises are forced to develop and buy more and more software – and at a lightning pace in order to keep up with the competition – what are the security implications? Cyberattackers are increasingly... READ MORE

What's the Worst That Can Happen? The Cost of a "Do Nothing" AppSec Plan

December 19, 2016  | Intro to AppSec

Do you think you don’t need application security? Maybe you think application security is too complex, or too expensive. Maybe you think, we haven’t been breached yet, what are the chances? And even if someone tries, we have a WAF. It might seem more cost-effective to simply “do nothing” rather than invest in application security. But you should be aware that there is indeed a cost associated... READ MORE

Where Does Our AppSec Program Go From Here? Ask Yourself These Questions

December 7, 2016  | Managing AppSec

If you’ve just begun an application security program, but aren’t sure where to go next, here are a few questions to help point you in the right direction. Are you using more than one type of assessment technique? If not, how certain are you that your one method is locating every type of vulnerability? There is no application security silver bullet. If you’re only testing with... READ MORE

How Are You Approaching AppSec? Here’s What Your Peers Are Doing … or Not Doing

December 5, 2016  | Managing AppSec

We recently surveyed 308 security professionals responsible for application security (AppSec) to find out the struggles they’re facing and the tactics they’re employing in securing their application layer. In analyzing the responses, we found that what the respondents are not doing regarding application security is often more revealing than what they are doing. The bottom line is that... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu