Intro to AppSec

For those new to application security, we cover the application security basics and answer questions such as what is application security, why it's important, how it fits in the security ecosystem and how to get started.

Surviving a Password Policy Perfect Storm

By Andrew Hamilton December 27, 2016 | Intro to AppSec

As a security consultant, I see examples all the time of applications that don’t implement defense-in-depth to reduce the risk of account compromises. One area where this is especially problematic is password policy. Password policies can contribute to a strong application security strategy, or create a false sense of security while leaving user data and applications open to attack. Weak policies...

What's the Worst That Can Happen? The Cost of a "Do Nothing" AppSec Plan

By Suzanne Ciccone December 19, 2016 | Intro to AppSec

Do you think you don’t need application security? Maybe you think application security is too complex, or too expensive. Maybe you think, we haven’t been breached yet, what are the chances? And even if someone tries, we have a WAF. It might seem more cost-effective to simply “do nothing” rather than invest in application security. But you should be aware that there is...

How to Evaluate and Select Application Security Testing Vendors

By Joseph Feiman December 5, 2016 | Intro to AppSec

The application security testing (AST) market is getting crowded. In addition, many of the vendors offer multiple technologies, and are promising even more advanced technologies in the near future. Some deliver technologies as tools, some as services. And these technologies are all priced differently. The question is: How do you evaluate the marketplace and select the right vendor? In this blog,...

The Role of Applications in Today’s Digital World

By Suzanne Ciccone December 1, 2016 | Intro to AppSec
Software security in the modern world.

Five years ago, Marc Andreessen famously stated that “software is eating the world,” and it has, and still is, in ways that he probably couldn’t have imagined even five years ago. Applications are no longer a nice-to-have. They play a central role in how and why businesses operate, and companies are producing them in unprecedented numbers. In fact, a typical $500 million-plus enterprise today has...

Building Your Application Security Program: The People Problem

By Suzanne Ciccone November 28, 2016 | Intro to AppSec

As applications play an increasingly important role in business operations, your application landscape also gets increasingly complex. And it’s not going to get simpler anytime soon. The nature of the data applications manage means application security has become critical, but the nature of the application landscape means application security requires more than just implementing a tool....

SQL Injection Attacks and How to Prevent Them [INFOGRAPHIC]

By John Zorabedian November 22, 2016 | Intro to AppSec
How to detect and prevent SQL injection.

It's understandable that newly discovered application vulnerabilities get a lot of hype and attention. But it's the most common vulnerabilities we should really be worried about. One of the main culprits in data breaches, including some of the most high-profile attacks of recent years, is SQL injection. According to Veracode research, SQL injection ranks among the 10 most common vulnerabilities...

How Often Should You Assess Apps for Security?

By Suzanne Ciccone October 28, 2016 | Intro to AppSec
Scan code continuously.

Those new to AppSec might wonder – how often do I have to test my apps for security? One school of thought is: do a one-time scan of all or most apps in production, fix the most egregious defects and either consider security testing “done” – or maybe schedule another scan in several months, even for the next year. The problem with this model is that it doesn’t work...

The Importance of Manual Penetration Testing

By Willa Riggins October 25, 2016 | Intro to AppSec
Why penetration testing is important.

What vulnerability did you deploy today? You’ve run your static and dynamic scans, implemented a secure development lifecycle, and made security job one -- but how sure are you? Some security testing just can’t be automated. In the end, the only way to know for sure is to perform a manual penetration test. Why use Manual Penetration Testing: Traditionally, MPT on its own can be...

AppSec: From the Breakroom to the Boardroom

By Suzanne Ciccone October 14, 2016 | Intro to AppSec
Appsec should be on the mind of every department.

Application security is an emerging and critical aspect of a security program; however, all AppSec attitudes are not created equal. Unlike other security initiatives, application security affects a lot of different people in your organization – and in different ways. A developer’s attitude toward and concerns about an application security program will not be the same as a member of...

Software Grammar 101

By Amanda McGuinness October 5, 2016 | Intro to AppSec
If only software had built-in code checking.

I am not a developer, I’m a writer. However, it has become clear to me that these two professions have more in common than I had originally thought. Really, we are doing the same thing - just in different languages, and to different ends. The gratification that comes from starting with a blank page, building something that didn't exist before, and achieving a purpose, is the same. I...
