Intro to AppSec

For those new to application security, we cover the basics and answer questions such as what application security is, why it matters, how it fits into the wider security ecosystem and how to get started.

Prevent Web Application Vulnerabilities by Testing Early

By Evan Wade November 14, 2014  | Intro to AppSec

An exploit is not an exploit is not an exploit. Though many abusable web application vulnerabilities ostensibly come with the same goal in mind — namely, letting malicious jerks access all sorts of sensitive data — the various roads they take to reach that end are nearly as wide and varied as the types of software they attack. Here's a look at three well-known web application...

How an Agile Development Process Fits into the Security User Story

By Evan Oslick November 4, 2014

The Agile development process focuses on user stories in order to build products. These stories are delivered in "sprints," which are intended to provide quick feedback. And while that quick feedback is important, the process behind it — which comprises whatever work is conducted during a sprint — comes with a major downside: constant architectural refactoring. The analyst group Securosis...

A Guide to Static Testing of Web Apps: No Running Required

By Shawn Drew September 23, 2014  | Intro to AppSec

In the modern, fast-paced world of Agile software development, where an organization may have new or updated web apps released every few days or weeks, application security scans are sometimes delayed until the last part of the quality assurance (QA) phase. However, even if developers are versed in secure architectural design and threat modeling, security...

Secure Development - One Bathroom Break At A Time

By Paul Roberts August 25, 2014

Google went to great lengths to educate their developers about the benefits of security testing - even developing educational materials specifically to be read on the toilet. There's enough evidence in favor of the use of security testing throughout the development cycle as to make "debates" about it moot. Still, many software development operations...

PCI Compliance & Secure Coding: Implementing Best Practices from the Beginning

By Caitlin Johanson July 15, 2014

Is your SDLC process built on a shaky foundation? A lot of the revisions to PCI DSS point toward the realization that security must be built into the development process. The foundation that ultimately controls the success or failure of this process must be built upon knowledge — that means training developers to avoid common coding flaws that can lead to...

The Start of OWASP – A True Story

By Mark Curphey May 26, 2014

On January 15, 2002, at 5:22 p.m. PST, Bill Gates sent a memo—subject: “Trustworthy computing”—to everyone at Microsoft and its subsidiaries. “Trustworthy computing,” he wrote, “is the highest priority for all the work we are doing.” It launched the SDL (Security Development Lifecycle) initiative and generally shook up the industry. On September 24, 2001, some four months before the Gates memo,...

Static Testing vs. Dynamic Testing

By Neil DuPaul December 3, 2013  | Intro to AppSec

Updated: 2/4/2019

With reports of website vulnerabilities and data breaches regularly featured in the news, securing the software development life cycle (SDLC) has never been so important. Enterprises must, therefore, choose carefully the correct security techniques to implement. Static and dynamic analyses are two of the most popular types of code security tests. Before implementation however,...

The Appsec Program Maturity Curve 2 of 4

By Michael Teeling November 8, 2013  | Intro to AppSec

Program Levels 1 to 2 – from Ad-Hoc to Blueprint

This is post two in a series on the Application Program Maturity Curve; you can read the first post of this series here. As we’ve discussed, the program maturity model for Application Security has six levels. You should be able to recognize at which stage of the curve your particular organization is. The easiest one to recognize is an...

OWASP Top Ten 2013

By Neil DuPaul September 18, 2013  | Intro to AppSec

The Open Web Application Security Project (OWASP) was started in 2001 with the avowed mission of ‘making software security visible, so that individuals and organizations worldwide can make informed decisions about true software risks.’ Since then OWASP’s influence has grown to the point that their Top 10 project is referenced by many standards, books, tools, and organizations...

What Happens When Companies Don’t Give Web App Security the Attention it Deserves

By Chris Wysopal July 26, 2013  | Research

I recently blogged about “Web-based threats finally getting the respect they deserve?”, but a recent New York Times article reminds us what happens when companies don’t pay enough attention to this crucial area of security. The article, titled “Wall Street’s Exposure to Hacking Laid Bare” describes not only the damage done by the five men involved in a seven year hacking spree, it also details how...
