Intro to AppSec
New to application security? Learn what AppSec entails, why it matters to the health of your business, and how to get started setting up an AppSec program.
Why Application Security is Important to Vulnerability Management
It was the day before a holiday break, and everyone was excited to have a few days off to spend with friends and family. A skeleton crew was managing the security operations center, and it seemed as though every other team left early to beat the holiday traffic. Every team other than the vulnerability management (VM) team that is. Just before it was time to leave for the day, and the holiday READ MORE
Stay up to date on Application Security
AppSec Tools Proliferation Is Driving Investments to Consolidate
When it comes to application security (AppSec), it’s important to note that no one testing type can uncover every flaw. Each tool is designed with a different area of focus, along with various speeds and costs – so it’s necessary to employ a mix of testing types. A good way to think about AppSec testing types is to compare them to health exams. You wouldn’t have a cholesterol test and assume your READ MORE69% Say Their AppSec Is Effective but Don’t Have Tools to Measure It
Veracode recently sponsored Enterprise Strategy Group’s (ESG) survey of 378 developers and security professionals, which explored the dynamic between the roles, their trigger points, the extent to which security teams understand modern development, and the buying intentions of application security (AppSec) teams. The first survey question for developers and security professionals was to rate the READ MORE10 Elements of the Most Effective Application Security Programs
Veracode’s Chris Wysopal and Chris Eng recently joined Enterprise Strategy Group (ESG) Senior Analyst Dave Gruber and award-winning security writer and host of the Smashing Security podcast, Graham Cluley, at Black Hat USA to unveil the findings from a new ESG research report, Modern Application Development Security. The research is based on a survey of nearly 400 developers and security READ MORENew ESG Survey Report: Modern Application Development Security
As organizations continue to adopt DevSecOps, a methodology that shifts security measures to the beginning of the software development lifecycle (SDLC), roles and processes are evolving. Developers are expected to take on increased security measures – such as application security (AppSec) scans, flaw remediation, and secure coding – and security professionals are expected to take on more of a READ MORELive from Black Hat: Healthscare – An Insider's Biopsy of Healthcare Application Security with Seth Fogie
Healthcare providers heavily leverage technology. In his talk, Seth Fogie, information security director at Penn Medicine takes apart different vendor systems at the “fictitious” Black Hat Clinic. Fogie gives a lot of examples and drives home the point that you shouldn’t just look at network security … you have to dig deep into the applications to ensure the security of your data. Following the READ MORENew Data Reveals How AppSec Is Adapting to New Development Realities
In today’s fast-paced world, companies are racing to bring new, innovative software to market first. In order to keep up with the speed of innovation, many organizations are shifting toward DevSecOps. DevSecOps brings security to the front of the software development lifecycle (SDLC), allowing for both fast deployments and secure applications. Even though DevSecOps is able to meet the needs of READ MOREWhy is Dynamic Analysis an Important Part of Your AppSec Mix?
By now, most are familiar with the concept of DevSecOps. With DevSecOps, application security (AppSec) is moved to the beginning of the software development lifecycle (SDLC). By scanning earlier in the SDLC, you are able to find and fix flaws earlier. This can result in significant time and cost savings. Most organizations understand the importance of static analysis, which scans for flaws during READ MORE
Your stakeholders have signed off on an application security program, you’ve selected a vendor … but now what? There is no detailed handbook or instruction manual for getting started because every organization is different. You need to formulate your own plan to make sure the program meets the individual needs of your organization. But that doesn’t mean that there aren’t tips or suggestions to READ MORE
It can sometimes feel like development and security teams are working toward two separate goals. Both developers and security professionals are supposed to be working toward timely, secure releases, but in reality, developers tend to prioritize speed and function, and security professionals prioritize security measures. How can you unify the teams and focus them on shared goals? A little history READ MORE
Application Security Tool Kit
Love to learn about Application Security?
Get all the latest news, tips and articles delivered right to your inbox.
No thanks, back to the article please.