Intro to AppSec

For those new to application security, we cover the application security basics and answer questions such as what is application security, why it's important, how it fits in the security ecosystem and how to get started.

How to Evaluate and Select Application Security Testing Vendors

By Joseph Feiman December 5, 2016  | Intro to AppSec

The application security testing (AST) market is getting crowded. In addition, many of the vendors offer multiple technologies, and are promising even more advanced technologies in the near future. Some deliver technologies as tools, some as services. And these technologies are all priced differently. The question is: How do you evaluate the marketplace and select the right vendor? In this blog,...

The Role of Applications in Today’s Digital World

By Suzanne Ciccone December 1, 2016  | Intro to AppSec
Software security in the modern world.

Five years ago, Marc Andreessen famously stated that “software is eating the world,” and it has been, and still is, in ways that he probably couldn’t have imagined even five years ago. Applications are no longer a nice-to-have. They play a central role in how and why businesses operate, and companies are producing them in unprecedented numbers. In fact, a typical $500 million-plus enterprise...

Building Your Application Security Program: The People Problem

By Suzanne Ciccone November 28, 2016  | Intro to AppSec

As applications play an increasingly important role in business operations, your application landscape also gets increasingly complex. And it’s not going to get simpler anytime soon. The nature of the data applications manage means application security has become critical, but the nature of the application landscape means application security requires more than just implementing a tool....

SQL Injection Attacks and How to Prevent Them [INFOGRAPHIC]

By John Zorabedian November 22, 2016  | Intro to AppSec
How to detect and prevent SQL injection.

People like novelty, and why not? The same old stuff gets boring. In the security world, it's understandable that newly discovered application vulnerabilities get a lot of attention. But it's the most common vulnerabilities we should really be worried about. One of the main culprits in data breaches, including some of the most high-profile attacks of the past year, is SQL injection....
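The teaser above names the culprit but not the mechanism, so here is an added example (written for this page, not taken from the post or its infographic) that shows the vulnerable and the fixed form of the same login query side by side. It uses Python's standard sqlite3 module as a stand-in for any SQL database, and the users table and its two rows are constructed sample data. The injected username closes the string literal, adds a tautology, and comments out the password check, so the string-built query lets an attacker in while the parameterized query does not.

```python
import sqlite3

# Constructed sample data for the demonstration; not from the original post.
# Passwords are stored in clear text only to keep the injection point visible;
# a real application would store a salted hash.
USERS = [("alice", "correct horse"), ("bob", "hunter2")]


def make_db():
    """Build an in-memory users table holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT NOT NULL, password TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Injectable: untrusted input is spliced into the SQL text itself."""
    sql = (
        "SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterized(conn, username, password):
    """Hardened: the statement is fixed; values are bound by the driver, never parsed as SQL."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def demo():
    """Run both versions against valid, wrong and injected credentials."""
    conn = make_db()
    # In the vulnerable query this becomes:
    #   ... WHERE username = '' OR 1=1 --' AND password = 'nope'
    # SQLite treats everything after "--" as a comment, so the password
    # condition vanishes and the tautology matches every row.
    payload = "' OR 1=1 --"
    results = {
        "vulnerable_valid": login_vulnerable(conn, "alice", "correct horse"),
        "vulnerable_wrong": login_vulnerable(conn, "alice", "nope"),
        "vulnerable_injected": login_vulnerable(conn, payload, "nope"),
        "parameterized_valid": login_parameterized(conn, "alice", "correct horse"),
        "parameterized_wrong": login_parameterized(conn, "alice", "nope"),
        "parameterized_injected": login_parameterized(conn, payload, "nope"),
    }
    conn.close()
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:24s} login {'succeeded' if ok else 'failed'}")
```

Run it and the only difference between the two functions is the injected case: the string-built query accepts `' OR 1=1 --` with a wrong password, the parameterized one rejects it. The fix is not escaping or filtering quotes but keeping the SQL statement fixed and passing user input only as bound parameters; the same pattern applies to every database driver and ORM.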

How Often Should You Assess Apps for Security?

By Suzanne Ciccone October 28, 2016  | Intro to AppSec
Scan code continuously.

Those new to AppSec might wonder – how often do I have to test my apps for security? One school of thought is: do a one-time scan of all or most apps in production, fix the most egregious defects and either consider security testing “done” – or maybe schedule another scan in several months, or even the next year. The problem with this model is that it doesn’t work...

The Importance of Manual Penetration Testing

By Willa Riggins October 25, 2016  | Intro to AppSec
Why penetration testing is important.

What vulnerability did you deploy today? You’ve run your static and dynamic scans, implemented a secure development lifecycle, and made security job one -- but how sure are you? Some security testing just can’t be automated. In the end, the only way to know for sure is to perform a manual penetration test. Why use manual penetration testing? Traditionally, MPT on its own can be...

AppSec: From the Breakroom to the Boardroom

By Suzanne Ciccone October 14, 2016  | Intro to AppSec
Appsec should be on the mind of every department.

Application security is an emerging and critical aspect of a security program; however, not all AppSec attitudes are created equal. Unlike other security initiatives, application security affects a lot of different people in your organization – and in different ways. A developer’s attitude toward and concerns about an application security program will not be the same as a member of...

Software Grammar 101

By Amanda McGuinness October 5, 2016  | Intro to AppSec
If only software had built-in code checking.

I am not a developer, I’m a writer. However, it has become clear to me that these two professions have more in common than I had originally thought. Really, we are doing the same thing - just in different languages, and to different ends. The gratification that comes from starting with a blank page, building something that didn't exist before, and achieving a purpose, is the same. I...

Why Data Breaches Still Happen

By Pete Herzog October 3, 2016  | Intro to AppSec
Why there are still breaches explained with a dam metaphor.

Video transcript: All this is a dam, and it's my metaphor for security. Sure, it's a bit overused and simplistic, so work with me. A dam is used for more than just pooling water or preventing flooding; it's also used to reclaim land, provide a fresh water supply, generate electricity, just like business-level security is more than just preventing attacks or protecting...

Why DevOps Is Not DevSecOps

By Joseph Feiman August 25, 2016  | Intro to AppSec

The IT industry has long welcomed DevSecOps, yet it is still poorly adopted. Gartner tellingly defines its status as: “Trough of Disillusionment.” What is inhibiting adoption? For the answer, look at its definition, and you will sense something odd. It is defined as a set of processes, people, methods, models, policies, culture, recipes, blueprints and templates. This list...
