Intro to AppSec

For those new to application security, we cover the application security basics and answer questions such as what is application security, why it's important, how it fits in the security ecosystem and how to get started.

Secure Development - One Bathroom Break At A Time

By Paul Roberts August 25, 2014

Google went to great lengths to educate their developers about the benefits of security testing - even developing educational materials specifically to be read on the toilet. There's enough evidence in favor of the use of security testing throughout the development cycle as to make "debates" about it moot. Still, many software development operations...

PCI Compliance & Secure Coding: Implementing Best Practices from the Beginning

By Caitlin Johanson July 15, 2014

Is your SDLC process built on a shaky foundation? A lot of the revisions to PCI DSS point toward the realization that security must be built into the development process. The foundation that ultimately controls the success or failure of this process must be built upon knowledge: that means training developers to avoid common coding flaws that can lead to...

The Start of OWASP – A True Story

By Mark Curphey May 26, 2014

On January 15, 2002, at 5:22 p.m. PST, Bill Gates sent a memo, subject "Trustworthy computing", to everyone at Microsoft and its subsidiaries. "Trustworthy computing," he wrote, "is the highest priority for all the work we are doing." It launched the SDL (Security Development Lifecycle) initiative and generally shook up the industry. On September 24, 2001, some four months before the Gates memo,...

Static Testing vs. Dynamic Testing

By Neil DuPaul December 3, 2013 | Intro to AppSec

Updated: 2/4/2019. With reports of website vulnerabilities and data breaches regularly featured in the news, securing the software development life cycle (SDLC) has never been so important. Enterprises must, therefore, choose carefully the correct security techniques to implement. Static and dynamic analyses are two of the most popular types of code security tests. Before implementation, however,...

The Appsec Program Maturity Curve 2 of 4

By Michael Teeling November 8, 2013 | Intro to AppSec

Program Levels 1 to 2 - from Ad-Hoc to Blueprint. This is post two in a series on the Application Program Maturity Curve; you can read the first post of this series here. As we've discussed, the program maturity model for Application Security has six levels. You should be able to recognize at which stage of the curve your particular organization is. The easiest one to recognize is an...

OWASP Top Ten 2013

By Neil DuPaul September 18, 2013 | Intro to AppSec

The Open Web Application Security Project (OWASP) was started in 2001 with the avowed mission of "making software security visible, so that individuals and organizations worldwide can make informed discussions about true software risks." Since then OWASP's influence has grown to the point that their Top 10 project is referenced by many standards, books, tools, and organizations...

What Happens When Companies Don’t Give Web App Security the Attention it Deserves

By Chris Wysopal July 26, 2013 | Research

I recently blogged about "Web-based threats finally getting the respect they deserve?", but a recent New York Times article reminds us what happens when companies don't pay enough attention to this crucial area of security. The article, titled "Wall Street's Exposure to Hacking Laid Bare", describes not only the damage done by the five men involved in a seven-year hacking spree; it also details how...

The Real Cost of a Data Breach Infographic

By Neil DuPaul July 26, 2013 | Intro to AppSec

What happens when you let your application security posture go unchecked? Data breaches happen, and with every breach comes a cost. As we've just witnessed in recent headlines regarding the five Eastern European computer programmers that went on a seven-year hacking spree, this cost can be quite high, with damages estimated to exceed $300 million. The indicted hackers gained access to the...

Hacking the Mind: How & Why Social Engineering Works

By Neil DuPaul March 6, 2013

Watch a recreation of the phone call that won the 2017 DEFCON Social Engineering CTF! Social engineering: the hack that requires no knowledge of code. Despite its relative simplicity, the risks associated with social engineering are just as serious as the numerous hacks that have populated recent headlines. For everyday citizens, awareness of social engineering scams and the methods they use that...

Our NFC Enabled Future: Outlook Not So Good

By Paul Roberts January 3, 2013

NFC - or Near Field Communications - has better than even odds to be the "next big thing," enabling your already-indispensable smartphone to subsume everything from your wallet to your car keys. But when it comes to security the outlook is - as the Magic 8 Ball might say - "not so good." NFC is a short-range wireless communication standard that succeeded a slew of earlier contactless...
