Intro to AppSec

For those new to application security, we cover the application security basics and answer questions such as what is application security, why it's important, how it fits in the security ecosystem and how to get started.

Top 3 Reasons Why Neglecting Application Security Is Risky Business

sciccone's picture
By Suzanne Ciccone May 10, 2016  | Intro to AppSec

Vtech, TalkTalk, OPM, Premera … you’ve seen the headlines about all the destructive breaches in 2015. Want to avoid the same fate? The best way to reduce your risk of a breach is to implement an application security program. Most organizations have sufficiently secured the network and hardware layers, but have yet to focus their attentions, or budgets, on the security of the... READ MORE

4 Quick and Painless Steps to Get an AppSec Program Going at Your Software Company

pherzog's picture
By Pete Herzog May 9, 2016  | Intro to AppSec

Your application security is a problem. So why are you just hearing about this now? Is Big Security suppressing this information? Or could it be that unless there's a huge breach that makes the staff come in on a weekend that anyone bothers to care? It's probably the second one. It's tough to give priority to something that seems to be not a problem the moment. It's true that you... READ MORE

Striking a Balance: How Software Producers Can Boost Security Without Comprising Development Speed

jlavery's picture
By Jessica Lavery April 28, 2016  | Intro to AppSec

The importance – and pressure -- of developing and managing secure code aren't lost on today's software vendors. As clouds have drifted into the mainstream, mobility and apps have become pervasive, and user expectations around functionality have grown, the need to deliver updates, patches and improvements on a regular and ongoing basis has skyrocketed. Many software providers now... READ MORE

Why Poring Through Lines of Code is Flinstonian: The Story of Fred the Code Reviewer

lmercer's picture
By Laurie Mercer April 20, 2016  | Intro to AppSec

Fred arrives at his customer site with a brief job description, a name, address and telephone number. The job is a secure code reviewer. Secure code reviewers are often employed to try to find security weaknesses during or at the end of a development cycle. A security consultant, typically a penetration tester or secure coding expert, will look at the source code and try to find weaknesses... READ MORE

You Lose

anielsen's picture
By Anne Nielsen April 18, 2016  | Intro to AppSec

How the heck did that happen? They just took your business. Do you know what sucks? Losing a HUGE sales opportunity that was custom made for your company. Literally custom-made: you worked with the executive sponsor and wrote the RFP for her. You spent hours in that window-less room and on the phone with your prospect making sure you had all your differentiators captured so that no competitor... READ MORE

Top 4 Ways Vulnerabilities Creep Into Your Software

sciccone's picture
By Suzanne Ciccone April 12, 2016  | Intro to AppSec

Software makes the world go round these days, and it’s also causing a lot of problems. The U.S. Department of Homeland Security recently found that 90 percent of security incidents result from exploits against defects in software. It sometimes seems like we’re just rolling out the red carpet for cyberattackers with our applications. Why is software so riddled with security defects?... READ MORE

Why AppSec is the Most Important Part of Your Security Ecosystem

pherzog's picture
By Pete Herzog March 24, 2016  | Intro to AppSec

According to a CERT 2015 advisory of the top 30 vulnerabilities, nearly all are application vulnerabilities. But that's not why application security is the most important part of the security ecosystem. According to Business Insider, there are approximately 1.8 billion mobile web users and 1.6 desktop web users. Mobile apps are dominating how people access the Internet; of desktop users, the... READ MORE

Don’t Overreact: 5 Steps for Responding to Vulnerability Disclosures

jlavery's picture
By Jessica Lavery March 19, 2016  | Intro to AppSec

Heartbleed, Shellshock, FREAK, POODLE, VENOM – these are just some of the branded vulnerabilities that were disclosed in the past two years. With so many branded vulnerabilities coming out executives are paying more attention to application security. This is great, except that it also means security professionals are under increased pressure to react to vulnerability disclosures, rather... READ MORE

Where AppSec has let me down

jcratty's picture
By Jeff Cratty February 24, 2016  | Intro to AppSec | Secure Development 5

There are a lot of great perks that come with being a developer.  On the upside, I enjoy the challenge of developing solutions to real world problems with peers in UX, PM, QA, Ops, etc.  I love the creative process and the energy a team has when we are firing in the same direction at the same time.  I love building the stuff and making the team hum.  I love that sense of... READ MORE

3 Steps To Getting Started With Web Application Security

sciccone's picture
By Suzanne Ciccone February 23, 2016  | Intro to AppSec

Companies are producing more applications today than ever before, and with this increased production comes increased risk.  Many enterprises recognize the need for application security but aren’t making it a priority.  This is usually because application security is mistakenly seen as an overly complex and expensive endeavor. What those responsible for securing the applications at... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.




contact menu