Intro to AppSec

For those new to application security, we cover the application security basics and answer questions such as what is application security, why it's important, how it fits in the security ecosystem and how to get started.

To Understand How a Secure Application Layer Can Prevent Disaster, Look No Further Than 2014's High-Profile Cyberattacks

By John Montesi August 26, 2015  | Intro to AppSec

2014 was a good year for cybercriminals. Several marquee hacks cost corporations billions of dollars — and, as Veracode's "2014: The Year of the Application Layer Breach" ebook points out, almost all of them originated in the application layer. As businesses of all types become increasingly dependent on software, the number of potential vulnerabilities in their systems skyrockets. From point-of-...

Security Testing Is the Cheapest Way to Save a Billion Dollars

By John Montesi August 12, 2015  | Intro to AppSec

Everyone heard about the great Target credit-card hack of 2013. It was a nightmare scenario — a massive security breach came to light as Black Friday and the holiday shopping season began. A lack of comprehensive security testing resulted in a situation that caused damage to Target's reputation, with subsequent reparations totaling $148 million to date, according to the New York Times....

A Systematic Approach Yields More Benefits Than Just Security Compliance

By Evan Wade August 11, 2015  | Intro to AppSec

Regulations, such as those finance and healthcare must adhere to, are put in place to protect people's data. Patients, customers, employees and anyone else whose sensitive information is stored and transmitted generally don't like having it improperly handled. Makes sense, right? While real-world examples vary, and most sets of regulations cover far more than customer data alone, that...

To Effectively Secure the Perimeter, Knowing Where Your Apps Stand and Using Automation Is Essential

By Evan Wade August 10, 2015  | Intro to AppSec

In the software world, a lot of problems comprise two segments: the why, and the how. Usually, it's the how that gets results. Take the increasingly important practice of perimeter management. Sure, we all know why it's important to secure the perimeter, so to speak, by keeping our sites, apps and so on locked down, but knowing how to keep them airtight is what really matters. So, what...

Internal Security Begins With Smart Policies

By Shawn Drew August 6, 2015  | Intro to AppSec

External threats seem to be getting all the attention in InfoSec these days, but they only represent one aspect of the overall threat every enterprise faces. Internal threats can be just as damaging and much more difficult to detect — which means every CISO has to consider internal security when designing an overall plan for his or her business. While there are a number of positive steps to...

Security Vulnerabilities: 3 Points of Entry and How to Lock Them Down

By Evan Wade April 9, 2015

Not even the best fence in the world is secure if you leave a gate hanging open. In a lot of ways, that basic idea sums up why most security vulnerabilities start with perpetrators finding relatively small security oversights. Attackers prefer the path of least resistance, and getting a proverbial foot (or even just a toe) in the door can allow them to leapfrog toward things they never would've...

The New SDLC: Test Early, Test Often, Test Everything

By Doug Bonderud February 4, 2015  | Intro to AppSec

It is six times as expensive to fix an app vulnerability in production than to fix one in development, according to a recent Veracode webinar. This shouldn't come as a surprise: developers test for functional and performance bugs early in the Software Development Life Cycle (SDLC). So it makes sense that people producing code are doing security testing early, they're testing often...

Prevent Web Application Vulnerabilities by Testing Early

By Evan Wade November 14, 2014  | Intro to AppSec

An exploit is not an exploit is not an exploit. Though many abusable web application vulnerabilities ostensibly come with the same goal in mind — namely, letting malicious jerks access all sorts of sensitive data — the various roads they take to reach that end are nearly as wide and varied as the types of software they attack. Here's a look at three well-known web application...

How an Agile Development Process Fits into the Security User Story

By Evan Oslick November 4, 2014

The Agile development process focuses on user stories in order to build products. These stories are delivered in "sprints," which are intended to provide quick feedback. And while that quick feedback is important, the process behind it — which comprises whatever work is conducted during a sprint — comes with a major downside: constant architectural refactoring. The analyst group Securosis...

A Guide to Static Testing of Web Apps: No Running Required

By Shawn Drew September 23, 2014  | Intro to AppSec

In the modern, fast-paced world of Agile software development, where an organization may have new or updated web apps released every few days or weeks, application security scans are sometimes delayed until the last part of the quality assurance (QA) phase. However, even if developers are versed in secure architectural design and threat modeling, security...
