Intro to AppSec

For those new to application security, we cover the application security basics and answer questions such as what is application security, why it's important, how it fits in the security ecosystem and how to get started.

How to Earn a Reputation as a Unicorn

By Anne Nielsen June 7, 2016  | Intro to AppSec

You have a great idea for a new product – what could possibly go wrong? One of my favorite games in business[1] is to have a pre-mortem wherein you imagine that you are a year older and wiser and whatever it is you are working on right now fails miserably. I mean, spectacularly – we are talking pets.com-style. This game plays into my hyperbolic nature, but also is useful in... READ MORE

What is Benchmarking?

By Helena Campbell May 31, 2016  | Intro to AppSec

If you type ‘Benchmarking’ into Google, the top definition is “evaluating something by comparison with a standard”. Seems simple enough, but the bigger question here is – who sets that standard? In the past, we may have looked to the big enterprise-size companies; however, breaches such as Talk Talk and Target show us that it’s easy to see that even the... READ MORE

Top 3 Reasons Why Neglecting Application Security Is Risky Business

By Suzanne Ciccone May 10, 2016  | Intro to AppSec

Vtech, TalkTalk, OPM, Premera … you’ve seen the headlines about all the destructive breaches in 2015. Want to avoid the same fate? The best way to reduce your risk of a breach is to implement an application security program. Most organizations have sufficiently secured the network and hardware layers, but have yet to focus their attentions, or budgets, on the security of the application layer.... READ MORE

4 Quick and Painless Steps to Get an AppSec Program Going at Your Software Company

By Pete Herzog May 9, 2016  | Intro to AppSec

Your application security is a problem. So why are you just hearing about this now? Is Big Security suppressing this information? Or could it be that unless there's a huge breach that makes the staff come in on a weekend that anyone bothers to care? It's probably the second one. It's tough to give priority to something that seems to be not a problem at the moment. It's true that you... READ MORE

Striking a Balance: How Software Producers Can Boost Security Without Compromising Development Speed

By Jessica Lavery April 28, 2016  | Intro to AppSec

The importance – and pressure – of developing and managing secure code aren't lost on today's software vendors. As clouds have drifted into the mainstream, mobility and apps have become pervasive, and user expectations around functionality have grown, the need to deliver updates, patches and improvements on a regular and ongoing basis has skyrocketed. Many software providers now... READ MORE

Why Poring Through Lines of Code is Flinstonian: The Story of Fred the Code Reviewer

By Laurie Mercer April 20, 2016  | Intro to AppSec

Fred arrives at his customer site with a brief job description, a name, address and telephone number. The job is a secure code reviewer. Secure code reviewers are often employed to try to find security weaknesses during or at the end of a development cycle. A security consultant, typically a penetration tester or secure coding expert, will look at the source code and try to find weaknesses... READ MORE

You Lose

By Anne Nielsen April 18, 2016  | Intro to AppSec

How the heck did that happen? They just took your business. Do you know what sucks? Losing a HUGE sales opportunity that was custom made for your company. Literally custom-made: you worked with the executive sponsor and wrote the RFP for her. You spent hours in that window-less room and on the phone with your prospect making sure you had all your differentiators captured so that no competitor... READ MORE

Top 4 Ways Vulnerabilities Creep Into Your Software

By Suzanne Ciccone April 12, 2016  | Intro to AppSec

Software makes the world go round these days, and it’s also causing a lot of problems. The U.S. Department of Homeland Security recently found that 90 percent of security incidents result from exploits against defects in software. It sometimes seems like we’re just rolling out the red carpet for cyberattackers with our applications. Why is software so riddled with security defects?... READ MORE

Why AppSec is the Most Important Part of Your Security Ecosystem

By Pete Herzog March 24, 2016  | Intro to AppSec

According to a CERT 2015 advisory of the top 30 vulnerabilities, nearly all are application vulnerabilities. But that's not why application security is the most important part of the security ecosystem. According to Business Insider, there are approximately 1.8 billion mobile web users and 1.6 desktop web users. Mobile apps are dominating how people access the Internet; of desktop users, the... READ MORE

Don’t Overreact: 5 Steps for Responding to Vulnerability Disclosures

By Jessica Lavery March 19, 2016  | Intro to AppSec

Heartbleed, Shellshock, FREAK, POODLE, VENOM – these are just some of the branded vulnerabilities that were disclosed in the past two years. With so many branded vulnerabilities coming out, executives are paying more attention to application security. This is great, except that it also means security professionals are under increased pressure to react to vulnerability disclosures, rather... READ MORE
