Intro to AppSec

For those new to application security, we cover the application security basics and answer questions such as what is application security, why it's important, how it fits in the security ecosystem and how to get started.

Applications Have a New Role in Today’s Digital World: What Are the Security Implications?

sciccone's picture
By Suzanne Ciccone December 29, 2016  | Intro to AppSec
Role of applications in today's digital world.

In a previous blog post, we explored how software is “eating the world,” and how applications have gone from a nice-to-have to a critical part of running a business. As enterprises are forced to develop and buy more and more software – and at a lightning pace in order to keep up with the competition – what are the security implications? Cyberattackers are increasingly... READ MORE

Where Pen Testing Belongs in Your Application Security Process

sciccone's picture
By Suzanne Ciccone December 29, 2016  | Intro to AppSec
What is manual penetration testing?

What Is Manual Penetration Testing? Manual penetration testing (pen testing) is an application security method in which a human pen tester manually tries to hack into an application to find vulnerabilities. An important component of your overall application security program, this method can identify vulnerabilities that cannot be detected with automation, such as business logic flaws. Its... READ MORE

Application Security? But I Have a WAF!

TJarrett's picture
By Tim Jarrett December 28, 2016  | Intro to AppSec
Firewalls don't catch everything.

It seems so tempting. Solve your application security problem by throwing an appliance at it. After all, if web applications are the most common form of attack, why not just protect them the same way you protect your network and email servers, and be done with it? Why should you spend time hunting down vulnerabilities in your code and figuring out how to fix them? The “appliance throwing”... READ MORE

Surviving a Password Policy Perfect Storm

ahamilton's picture
By Andrew Hamilton December 27, 2016  | Intro to AppSec

As a security consultant, I see examples all the time of applications that don’t implement defense-in-depth to reduce the risk of account compromises. One area where this is especially problematic is password policy. Password policies can contribute to a strong application security strategy, or create a false sense of security while leaving user data and applications open to attack. Weak policies... READ MORE

What's the Worst That Can Happen? The Cost of a "Do Nothing" AppSec Plan

sciccone's picture
By Suzanne Ciccone December 19, 2016  | Intro to AppSec

Do you think you don’t need application security? Maybe you think application security is too complex, or too expensive. Maybe you think, we haven’t been breached yet, what are the chances? And even if someone tries, we have a WAF. It might seem more cost-effective to simply “do nothing” rather than invest in application security. But you should be aware that there is indeed a cost associated... READ MORE

How to Evaluate and Select Application Security Testing Vendors

jfeiman's picture
By Joseph Feiman December 5, 2016  | Intro to AppSec

The application security testing (AST) market is getting crowded. In addition, many of the vendors offer multiple technologies, and are promising even more advanced technologies in the near future. Some deliver technologies as tools, some as services. And these technologies are all priced differently. The question is: How do you evaluate the marketplace and select the right vendor? In this blog,... READ MORE

The Role of Applications in Today’s Digital World

sciccone's picture
By Suzanne Ciccone December 1, 2016  | Intro to AppSec
Software security in the modern world.

Five years ago, Marc Andreessen famously stated that “software is eating the world,” and it has and is in ways that he probably couldn’t have imagined even five years ago. Applications are no longer a nice-to-have. They play a central role in how and why businesses operate, and companies are producing them in unprecedented numbers. In fact, a typical $500 million-plus enterprise today has... READ MORE

Building Your Application Security Program: The People Problem

sciccone's picture
By Suzanne Ciccone November 28, 2016  | Intro to AppSec

As applications play an increasingly important role in business operations, your application landscape also gets increasingly complex. And it’s not going to get simpler anytime soon. The nature of the data applications manage means application security has become critical, but the nature of the application landscape means application security requires more than just implementing a tool.... READ MORE

SQL Injection Attacks and How to Prevent Them [INFOGRAPHIC]

jzorabedian's picture
By John Zorabedian November 22, 2016  | Intro to AppSec
How to detect and prevent SQL injection.

It's understandable that newly discovered application vulnerabilities get a lot of hype and attention. But it's the most common vulnerabilities we should really be worried about. One of the main culprits in data breaches, including some of the most high-profile attacks of recent years, is SQL injection. According to Veracode research, SQL injection ranks among the 10 most common vulnerabilities... READ MORE

How Often Should You Assess Apps for Security?

sciccone's picture
By Suzanne Ciccone October 28, 2016  | Intro to AppSec
Scan code continuously.

Those new to AppSec might wonder – how often do I have to test my apps for security? One school of thought is: do a one-time scan of all or most apps in production, fix the most egregious defects and either consider security testing “done” – or maybe schedule another scan in several months, even for the next year. The problem with this model is that it doesn’t work... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.




contact menu