Intro to AppSec

For those new to application security, we cover the application security basics and answer questions such as what is application security, why it's important, how it fits in the security ecosystem and how to get started.

The Importance of Manual Penetration Testing

By Willa Riggins October 25, 2016  | Intro to AppSec
Why penetration testing is important.

What vulnerability did you deploy today? You’ve run your static and dynamic scans, implemented a secure development lifecycle, and made security job one -- but how sure are you? Some security testing just can’t be automated. In the end, the only way to know for sure is to perform a manual penetration test. Why use Manual Penetration Testing Traditionally, MPT on its own can be...

AppSec: From the Breakroom to the Boardroom

By Suzanne Ciccone October 14, 2016  | Intro to AppSec
Appsec should be on the mind of every department.

Application security is an emerging and critical aspect of a security program; however, all AppSec attitudes are not created equal. Unlike other security initiatives, application security affects a lot of different people in your organization – and in different ways. A developer’s attitude toward and concerns about an application security program will not be the same as a member of...

Software Grammar 101

By Amanda McGuinness October 5, 2016  | Intro to AppSec
If only software had built-in code checking.

I am not a developer, I’m a writer. However, it has become clear to me that these two professions have more in common than I had originally thought. Really, we are doing the same thing - just in different languages, and to different ends. The gratification that comes from starting with a blank page, building something that didn't exist before, and achieving a purpose, is the same. I...

Why Data Breaches Still Happen

By Pete Herzog October 3, 2016  | Intro to AppSec
Why there are still breaches explained with a dam metaphor.

Video Transcript: All this is a dam and it's my metaphor for security. Sure, it's a bit overused and simplistic, so work with me. A dam is used for more than just pooling water or preventing flooding, it's also used to reclaim land, provide a fresh water supply, generate electricity, just like business level security is more than just preventing against attacks or protecting...

Why DevOps Is Not DevSecOps

By Joseph Feiman August 25, 2016  | Intro to AppSec

The IT industry has long welcomed DevSecOps, yet it is still poorly adopted. Gartner tellingly defines its status as: “Trough of Disillusionment.” What is inhibiting adoption? For the answer, look at its definition, and you will sense something odd. It is defined as a set of processes, people, methods, models, policies, culture, recipes, blueprints and templates. This list...

Top 4 Reasons Why Application Security Should Be Your Focus

By Suzanne Ciccone August 16, 2016  | Intro to AppSec

We live in a software-driven world – it’s how organizations in every industry interact with customers, prospects and partners. But information security has not kept pace with this shift, and traditional defenses are proving inadequate in this environment. As users and applications become the risk focal point, there is no hard and fast perimeter security professionals can put a wall...

You’ve Tested the AppSec Waters: Now It’s Time to Take the Plunge

By Suzanne Ciccone August 11, 2016  | Intro to AppSec

You’ve dipped your toes into the AppSec waters, but now it’s time to wade in a little further. Many organizations understand application security is important, and maybe they’ve done some scanning or pen testing of a handful of apps. But many are also unsure what comes next, or even if anything needs to come next. The reality is that Web application attacks are now the most...

You Can’t Keep Up With the Security Demand

By Suzanne Ciccone July 12, 2016  | Intro to AppSec

Developers are cranking out code faster than ever, and the threat landscape is growing and changing at an equally fast pace – all while the number of skilled security professionals is at an all-time low. If your application security strategy is to test code after it’s completed, then scramble to fix whatever’s broken, or worse, patch vulnerabilities in code as you hear about...

Staying Ahead of Hidden Vulnerabilities in Your System

By Sue Poremba June 29, 2016  | Intro to AppSec

It’s been two years since the Heartbleed vulnerability made news, had companies scrambling for a fix, and sent computer users into a panic. It’s been a while since there has been a vulnerability of that magnitude to create headlines, but it doesn’t mean that vulnerabilities aren’t hiding in the software we use every day. Just this week alone, vulnerabilities have been...

Why Firewalls Aren’t Your Only Friend

By David Strom June 21, 2016  | Intro to AppSec

Firewalls have been protecting networks for decades, and many of us can’t remember life before them. But they aren’t your only friends, and these days just having a firewall isn’t enough to keep the bad guys from penetrating your network. While they are a good first step, you need to start thinking beyond firewalls to keep your infrastructure secure. What is really required is...
