Managing AppSec

When your application security program is up and running, you need best-practice advice on managing and growing the program. Our security experts will guide you through important steps like measuring the success of your program or expanding it to cover more of the application landscape.

The Five Parts of Third-Party Application Security

By Griff James January 5, 2017  | Managing AppSec

Third-party application security assurance is an essential part of a mature IT security program. While it’s true that every company today is a software company, the majority of applications within an enterprise’s application portfolio will be developed by third parties – often as off-the-shelf products. A study by Quocirca found that the average enterprise has roughly 600... READ MORE

Can You Defend Your AppSec Program? Be Ready to Answer These Questions

By John Zorabedian January 3, 2017  | Managing AppSec

Every AppSec manager needs to work with stakeholders across the organization, from the CISO to development, and departments making their own decisions about buying the software they depend on to do their jobs. If you want to earn buy-in for your AppSec program, you’ll have to be responsive to different concerns for each type of stakeholder. To help you, we offer this list of questions you... READ MORE

Airbags and AppSec: Changing the Mindset on Software Security

By Chris Wysopal December 13, 2016  | Managing AppSec

In the early 1960s, cars were unsafe. And the car industry’s attitude was: cars are just unsafe, and that’s the risk you take. But then the public started calling attention to the issue (with some help from Ralph Nader), refusing to simply accept that risk, and things started changing. Regulations emerged, car manufacturers started building security in, and we now have seatbelts,... READ MORE

Developers' Holiday Wish List: Make Yourself More Popular Than Santa

By Amanda McGuinness December 8, 2016  | Managing AppSec

With the holidays fast approaching, you are probably starting to think about what gifts to get for your family, friends and colleagues. This can be a daunting task – especially if the only answer you get to gift queries is "Oh I don't really want anything" or "You don’t have to get me anything!" - even though they really do. (P.S., you’re all getting candles... READ MORE

Where Does Our AppSec Program Go From Here? Ask Yourself These Questions

By Suzanne Ciccone December 7, 2016  | Managing AppSec

If you’ve just begun an application security program, but aren’t sure where to go next, here are a few questions to help point you in the right direction. Are you using more than one type of assessment technique? If not, how certain are you that your one method is locating every type of vulnerability? There is no application security silver bullet. If you’re only testing with... READ MORE

Application Security Predictions for 2017 and Beyond

By Joseph Feiman December 6, 2016  | Managing AppSec

As 2016 winds down, I’ve been reflecting on how far the application security market has come over the past 12 years I’ve been involved in the industry. We’ve come a long way. But as technology continues to evolve, so will application security. The growing trend of continuous development, increasing use of third-party and open-source components, and the surging number of... READ MORE

Is Your Dynamic Scanning Context Aware?

By Joe Pelletier December 6, 2016  | Managing AppSec

When it comes to dynamic scanning, speed and accuracy are critical factors. Developers and security teams have no time for false positives, especially in a world where the time between releases is increasingly compressed. Yet a common vulnerability found by dynamic scanners is Cross-Site Scripting (XSS), and these vulnerabilities are often either false positive or missed due to poor coverage. In... READ MORE

How Are You Approaching AppSec? Here’s What Your Peers Are Doing … or Not Doing

By Suzanne Ciccone December 5, 2016  | Managing AppSec

We recently surveyed 308 security professionals responsible for application security (AppSec) to find out the struggles they’re facing and the tactics they’re employing in securing their application layer. In analyzing the responses, we found that what the respondents are not doing regarding application security is often more revealing than what they are doing. The bottom line is that... READ MORE

Strengthening Your Security With Mundane—But Often-Overlooked—App Maintenance

By Evan Schuman December 1, 2016  | Managing AppSec

It's often said in security circles that a massive percentage of intrusions and breaches could be thwarted by the IT equivalent of eating your vegetables and exercising regularly. Whereas CFOs are often attracted to—or, in some cases, repelled by—the shiny objects of high-end security defenses, the mundane wash-your-hands-before-eating rules have the most impact. That means not... READ MORE

What Makes an AppSec Program Successful: A Program Management Perspective

By Pejman Pourmousa November 30, 2016  | Managing AppSec

I have spent the entirety of my career in the area of services management and delivery, specifically around compliance, risk and security. I have had the good fortune of seeing over 1,300 program deployments across all size companies spanning every industry. Today, I am the Director of Program Management at Veracode, working to help customers successfully adopt Veracode’s solutions. I... READ MORE
