Intro to AppSec

For those new to application security, we cover the basics and answer questions such as what application security is, why it matters, how it fits into the wider security ecosystem and how to get started.

A Systematic Approach Yields More Benefits Than Just Security Compliance

By Evan Wade August 11, 2015  | Intro to AppSec

Regulations, such as those finance and healthcare must adhere to, are put in place to protect people's data. Patients, customers, employees and anyone else whose sensitive information is stored and transmitted generally don't like having it improperly handled. Makes sense, right? While real-world examples vary, and most sets of regulations cover far more than customer data alone, that...

To Effectively Secure the Perimeter, Knowing Where Your Apps Stand and Using Automation Is Essential

By Evan Wade August 10, 2015  | Intro to AppSec

In the software world, a lot of problems come in two parts: the why and the how. Usually, it's the how that gets results. Take the increasingly important practice of perimeter management. We all know why it's important to secure the perimeter, so to speak, by keeping our sites, apps and so on locked down, but knowing how to keep them airtight is what really matters. So, what...

Internal Security Begins With Smart Policies

By Shawn Drew August 6, 2015  | Intro to AppSec

External threats seem to be getting all the attention in InfoSec these days, but they represent only one aspect of the overall threat every enterprise faces. Internal threats can be just as damaging and much more difficult to detect, which means every CISO has to consider internal security when designing an overall plan for his or her business. While there are a number of positive steps to...

The New SDLC: Test Early, Test Often, Test Everything

By Doug Bonderud February 4, 2015  | Intro to AppSec

It is six times as expensive to fix an app vulnerability in production as it is to fix one in development, according to a recent Veracode webinar. This shouldn't come as a surprise: developers already test for functional and performance bugs early in the Software Development Life Cycle (SDLC). So it makes sense that people producing code should be doing security testing early, testing often...

Prevent Web Application Vulnerabilities by Testing Early

By Evan Wade November 14, 2014  | Intro to AppSec

An exploit is not an exploit is not an exploit. Though many abusable web application vulnerabilities ostensibly share the same goal, namely letting malicious actors access all sorts of sensitive data, the various roads they take to reach that end are nearly as wide and varied as the types of software they attack. Here's a look at three well-known web application...

A Guide to Static Testing of Web Apps: No Running Required

By Shawn Drew September 23, 2014  | Intro to AppSec

In the modern, fast-paced world of Agile software development, where an organization may release new or updated web apps every few days or weeks, application security scans are sometimes delayed until the last part of the quality assurance (QA) phase. However, even if developers are versed in secure architectural design and threat modeling, security...

Secure Development - One Bathroom Break At A Time

By Paul Roberts August 25, 2014

Google went to great lengths to educate its developers about the benefits of security testing, even producing educational materials specifically meant to be read on the toilet. There is enough evidence in favor of security testing throughout the development cycle to make "debates" about it moot. Still, many software development operations...

Static Testing vs. Dynamic Testing

By Neil DuPaul December 3, 2013  | Intro to AppSec

Updated: 7/18/2017. With reports of website vulnerabilities and data breaches regularly featuring in the news, securing the software development life cycle (SDLC) has never been so important. The enterprise must therefore choose carefully which security techniques to implement. Static and dynamic analysis are two of the most popular types of code security test. Before implementation...
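To make the static-versus-dynamic distinction concrete, here is an added example (not code from the original post or from Veracode's products). It applies both approaches to the same constructed code sample: a static pass walks the Python AST and flags `execute()` calls whose SQL text is assembled at runtime, without running anything; a dynamic pass actually loads the sample, runs each lookup function against an in-memory SQLite database with a crafted input, and counts how many rows leak. The sample functions, table contents and payload are all constructed for the illustration.

```python
"""Static vs. dynamic testing of the same code, side by side (added example)."""
import ast
import sqlite3

# Constructed code under test: one lookup that concatenates user input into SQL,
# one that uses a bound parameter. Not taken from any real project.
SAMPLE_SOURCE = '''
def find_user_unsafe(cur, name):
    cur.execute("SELECT id, name FROM users WHERE name = '" + name + "'")
    return cur.fetchall()

def find_user_safe(cur, name):
    cur.execute("SELECT id, name FROM users WHERE name = ?", (name,))
    return cur.fetchall()
'''


def _is_dynamic_string(node):
    """True if the expression builds a string at runtime: '+' or '%' on strings,
    an f-string, or a .format(...) call. A plain constant returns False."""
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return True
    if isinstance(node, ast.JoinedStr):
        return True
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format"):
        return True
    return False


def static_scan(source):
    """Static side: parse the source and return (line, function_name) for every
    <something>.execute(<dynamic string>, ...) call. Nothing is executed."""
    findings = []
    tree = ast.parse(source)
    for func in ast.walk(tree):
        if not isinstance(func, ast.FunctionDef):
            continue
        for node in ast.walk(func):
            if (isinstance(node, ast.Call)
                    and isinstance(node.func, ast.Attribute)
                    and node.func.attr == "execute"
                    and node.args
                    and _is_dynamic_string(node.args[0])):
                findings.append((node.lineno, func.name))
    return findings


def dynamic_probe(source, func_name, payload="x' OR '1'='1"):
    """Dynamic side: load the sample, seed a throwaway in-memory database, call the
    named function with a crafted input, and return how many rows came back.
    A correct lookup for a non-existent name should return 0 rows."""
    conn = sqlite3.connect(":memory:")
    cur = conn.cursor()
    cur.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    cur.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    namespace = {}
    exec(compile(source, "<sample>", "exec"), namespace)  # load the code under test
    rows = namespace[func_name](cur, payload)
    conn.close()
    return len(rows)


if __name__ == "__main__":
    for lineno, name in static_scan(SAMPLE_SOURCE):
        print(f"static: dynamic SQL passed to execute() in {name} (line {lineno})")
    for name in ("find_user_unsafe", "find_user_safe"):
        print(f"dynamic: {name} returned {dynamic_probe(SAMPLE_SOURCE, name)} rows for the payload")
```

The static scan finds the unsafe function from the source text alone and could run on every commit, but it only knows what the pattern tells it (a query built with `+` is suspicious; it cannot tell whether the pieces are trusted). The dynamic probe needs a running environment and a good payload, but it proves the impact: the concatenated query returns both rows for a name that does not exist, while the parameterized one returns none.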

The Appsec Program Maturity Curve 2 of 4

By Michael Teeling November 8, 2013  | Intro to AppSec

Program Levels 1 to 2 – from Ad-Hoc to Blueprint. This is post two in a series on the Application Security Program Maturity Curve; you can read the first post of this series here. As we've discussed, the program maturity model for application security has six levels, and you should be able to recognize at which stage of the curve your particular organization sits. The easiest one to recognize is an...

OWASP Top Ten 2013

By Neil DuPaul September 18, 2013  | Intro to AppSec

The Open Web Application Security Project (OWASP) was started in 2001 with the avowed mission of 'making software security visible, so that individuals and organizations worldwide can make informed decisions about true software risks.' Since then OWASP's influence has grown to the point that its Top 10 project is referenced by many standards, books, tools and organizations...
