Suzanne Ciccone

Suzanne is part of the content team at Veracode, working to create resources that shed light on AppSec problems and solutions. 
Posts by Suzanne Ciccone

Where Pen Testing Belongs in Your Application Security Process

December 29, 2016  | Intro to AppSec

What Is Manual Penetration Testing? Manual penetration testing (pen testing) is an application security method in which a human pen tester manually tries to hack into an application to find vulnerabilities. An important component of your overall application security program, this method can identify vulnerabilities that cannot be detected with automation, such as business logic flaws. Its... READ MORE

Applications Have a New Role in Today’s Digital World: What Are the Security Implications?

December 29, 2016  | Intro to AppSec

In a previous blog post, we explored how software is “eating the world,” and how applications have gone from a nice-to-have to a critical part of running a business. As enterprises are forced to develop and buy more and more software – and at a lightning pace in order to keep up with the competition – what are the security implications? Cyberattackers are increasingly... READ MORE

What's the Worst That Can Happen? The Cost of a "Do Nothing" AppSec Plan

December 19, 2016  | Intro to AppSec

Do you think you don’t need application security? Maybe you think application security is too complex, or too expensive. Maybe you think, we haven’t been breached yet, what are the chances? And even if someone tries, we have a WAF. It might seem more cost-effective to simply “do nothing” rather than invest in application security. But you should be aware that there is indeed a cost associated... READ MORE

Where Does Our AppSec Program Go From Here? Ask Yourself These Questions

December 7, 2016  | Managing AppSec

If you’ve just begun an application security program, but aren’t sure where to go next, here are a few questions to help point you in the right direction. Are you using more than one type of assessment technique? If not, how certain are you that your one method is locating every type of vulnerability? There is no application security silver bullet. If you’re only testing with... READ MORE

How Are You Approaching AppSec? Here’s What Your Peers Are Doing … or Not Doing

December 5, 2016  | Managing AppSec

We recently surveyed 308 security professionals responsible for application security (AppSec) to find out the struggles they’re facing and the tactics they’re employing in securing their application layer. In analyzing the responses, we found that what the respondents are not doing regarding application security is often more revealing than what they are doing. The bottom line is that... READ MORE

The Role of Applications in Today’s Digital World

December 1, 2016  | Intro to AppSec

Five years ago, Marc Andreessen famously stated that “software is eating the world,” and it has and is in ways that he probably couldn’t have imagined even five years ago. Applications are no longer a nice-to-have. They play a central role in how and why businesses operate, and companies are producing them in unprecedented numbers. In fact, a typical $500 million-plus enterprise today has... READ MORE

Building Your Application Security Program: The People Problem

November 28, 2016  | Intro to AppSec

As applications play an increasingly important role in business operations, your application landscape also gets increasingly complex. And it’s not going to get simpler anytime soon. The nature of the data applications manage means application security has become critical, but the nature of the application landscape means application security requires more than just implementing a tool.... READ MORE

A Single AppSec Technology Is Not Enough

November 25, 2016  | Managing AppSec

There is no application security silver bullet; if you’re relying on only one technology, you are leaving your organization open to attack. Over the past 10 years, we have scanned 2 trillion-plus lines of code, and we consistently see that different testing types are better at uncovering different vulnerabilities, and that one testing type is not enough. Our most recent State of Software... READ MORE

What’s Your No. 1 AppSec Concern? Here’s What Our Survey Respondents Say

November 18, 2016  | Managing AppSec

We recently surveyed 308 security professionals in the US and UK tasked with application security to find out their top AppSec concerns, stumbling blocks and tactics. Their biggest AppSec concern? Overwhelmingly, it was reducing the risk of attacks while building, buying and integrating more software than ever. A majority (58 percent) of survey respondents cited this as a concern. Across regions... READ MORE

Do You Use Open-Source Components? Find Out What Our Latest Research Reveals

October 31, 2016  | Managing AppSec

We just published our seventh State of Software Security (SoSS) report. Based on the goldmine of data we have accumulated over the past 18 months and 300,000 security assessments, this SoSS report is intended to give security practitioners a clear picture of application security trends and how their initiatives compare to their peers’. New in this version of the report is a deep-dive look at the... READ MORE
