Intro to AppSec

For those new to application security, we cover the application security basics and answer questions such as what is application security, why it's important, how it fits in the security ecosystem and how to get started.

The New Information Security Career Path for CISOs

By Pierluigi Paganini October 22, 2015  | Intro to AppSec

An organization's security posture is becoming a key success factor. As cybersecurity becomes more essential, the role of the chief information security officer (CISO) is rapidly evolving — and with it the information security career path. A recent Forrester report, entitled "Evolve To Become The 2018 CISO Or Face Extinction," highlights how the CISO role is shifting to that...

Need a Better IT Organizational Structure? There's an "I" in "IT"

By Doug Bonderud October 21, 2015  | Intro to AppSec

Who's held responsible if company data is breached? According to Dark Reading, chief information security officers (CISOs) are a top pick — almost half of US CEOs and other C-suite execs say CISOs are accountable for IT security failures. But there's a problem, since only 38 percent believe CISOs should take charge of security strategy and purchasing decisions. Bottom line? This...

Third-Party Application Security Risks in Modern Companies

By Pierluigi Paganini October 15, 2015  | Intro to AppSec

How do companies approach third-party application security? With more and more services and products relying on third parties to facilitate software development, that's an important question. Third-party code can have a significant impact on cybersecurity, introducing risks at the same time as it speeds up business processes. And if firms fail to take those risks seriously, the effects can be...

To Understand How a Secure Application Layer Can Prevent Disaster, Look No Further Than 2014's High-Profile Cyberattacks

By John Montesi August 26, 2015  | Intro to AppSec

2014 was a good year for cybercriminals. Several marquee hacks cost corporations billions of dollars — and, as Veracode's "2014: The Year of the Application Layer Breach" ebook points out, almost all of them originated in the application layer. As businesses of all types become increasingly dependent on software, the number of potential vulnerabilities in their systems skyrockets. From point-of-...

Security Testing Is the Cheapest Way to Save a Billion Dollars

By John Montesi August 12, 2015  | Intro to AppSec

Everyone heard about the great Target credit-card hack of 2013. It was a nightmare scenario — a massive security breach came to light as Black Friday and the holiday shopping season began. A lack of comprehensive security testing resulted in a situation that caused damage to Target's reputation, with subsequent reparations totaling $148 million to date, according to the New York Times....

A Systematic Approach Yields More Benefits Than Just Security Compliance

By Evan Wade August 11, 2015  | Intro to AppSec

Regulations, such as those finance and healthcare must adhere to, are put in place to protect people's data. Patients, customers, employees and anyone else whose sensitive information is stored and transmitted generally don't like having it improperly handled. Makes sense, right? While real-world examples vary, and most sets of regulations cover far more than customer data alone, that...

To Effectively Secure the Perimeter, Knowing Where Your Apps Stand and Using Automation Is Essential

By Evan Wade August 10, 2015  | Intro to AppSec

In the software world, a lot of problems comprise two segments: the why, and the how. Usually, it's the how that gets results. Take the increasingly important practice of perimeter management. Sure, we all know why it's important to secure the perimeter, so to speak, by keeping our sites, apps and so on locked down, but knowing how to keep them airtight is what really matters. So, what...

Internal Security Begins With Smart Policies

By Shawn Drew August 6, 2015  | Intro to AppSec

External threats seem to be getting all the attention in InfoSec these days, but they only represent one aspect of the overall threat every enterprise faces. Internal threats can be just as damaging and much more difficult to detect — which means every CISO has to consider internal security when designing an overall plan for his or her business. While there are a number of positive steps to...

Security Vulnerabilities: 3 Points of Entry and How to Lock Them Down

By Evan Wade April 9, 2015

Not even the best fence in the world is secure if you leave a gate hanging open. In a lot of ways, that basic idea sums up why most security vulnerabilities start with perpetrators finding relatively small security oversights. Attackers prefer the path of least resistance, and getting a proverbial foot (or even just a toe) in the door can allow them to leapfrog toward things they never would've...

The New SDLC: Test Early, Test Often, Test Everything

By Doug Bonderud February 4, 2015  | Intro to AppSec

It is six times as expensive to fix an app vulnerability in production as to fix one in development, according to a recent Veracode webinar. This shouldn't come as a surprise: developers test for functional and performance bugs early in the Software Development Life Cycle (SDLC). So it makes sense that people producing code are doing security testing early, they're testing often...
