Managing AppSec

When your application security program is up and running, you need best-practice advice on managing and growing the program. Our security experts will guide you through important steps like measuring the success of your program or expanding it to cover more of the application landscape.

Should You Be Measuring Flaw Rate?

anielsen's picture
By Anne Nielsen August 27, 2019
Find out if flaw rate should be one of your AppSec metrics

Metrics — or perhaps more accurately, the right metrics — are crucial for understanding what’s really happening in your AppSec program. They serve a dual purpose: They demonstrate your organization’s current state, and also show what progress it’s making in achieving its objectives.  We typically recommend our customers measure their compliance against their own internal AppSec policy, plus... READ MORE

Key Ways to Make the Case for AppSec Budget

sciccone's picture
By Suzanne Ciccone August 15, 2019
Getting a bigger slice of the security budget pie for AppSec

Security departments are juggling a multitude of security initiatives, and each is competing for a slice of one budget. How do you make the case that AppSec deserves a slice of that budget pie, or a bigger slice, or even to make the pie bigger? Here are a few key ways: Find a compelling event The most obvious compelling event, of course, is a breach, but there are other events that will compel... READ MORE

Introducing Veracode’s New Analytics Capabilities

ctartow's picture
By Colleen Tartow July 3, 2019  | Managing AppSec
Announcing Veracode's new analytics capabilities

If we have data, let's look at data. If all we have are opinions, let's go with mine." -- Jim Barksdale The ability to report on your application security program depends on access to your AppSec data. For questions from “how can I help my board understand our current risk posture?” to “which teams are developing secure code, and which need additional AppSec training?” – data is the key. Nobody... READ MORE

Key Components to Consider When Kicking Off Your Veracode AppSec Program

mfrancis's picture
By Melissa Francis June 25, 2019  | Managing AppSec
Tips from a seasoned security program manager on getting AppSec started on the right foot

I’ve been working as a Veracode security program manager since 2013, and have adopted AppSec best practices in those six years that contribute to successful AppSec programs. I started my journey here as a program manager and was fortunate enough to manage and lead some of Veracode’s largest and most complex customer programs. Today, I’m managing a team of program managers. In this blog, I will... READ MORE

Veracode to showcase DevSecOps solutions at inaugural AWS re:Inforce

pnodoushani's picture
By Paiman Nodoushani June 25, 2019  | Managing AppSec

Developers and security professionals from around the world are descending on Boston this week to attend the first AWS security conference, re:Inforce, for what promises to be one of the most exciting events in recent memory in the industry. As a pioneer of application security that is helping educate both security and dev teams in building more secure code, Veracode is proud to be a platinum... READ MORE

Live From Gartner Security & Risk Mgmt Summit: Starting an AppSec Program, Part 2

ckirsch's picture
By Chris Kirsch June 20, 2019  | Managing AppSec
Get details on Unum's journey to AppSec maturity.

This is part two of a two-part blog series on a presentation by Hooper Kincannon, Cyber Security Engineer at Unum Group, on “Secure from the Start: A Case Study on Software Security” at the Gartner Security & Risk Management Summit in National Harbor, MD. In this presentation, Hooper provided a great blueprint for starting a DevSecOps program. In part one, I summarized how Hooper got buy-in... READ MORE

Live From Gartner Security & Risk Mgmt Summit: Starting a Web Application Security Program

ckirsch's picture
By Chris Kirsch June 20, 2019  | Managing AppSec
Get advice on building out your AppSec program

Bootstrapping an application security program is hard. Technology is only one part of the equation. You need to inventory your applications, get stakeholders on board, and then execute on the holy trinity of people, process, and technology. That’s why I was excited to see Hooper Kincannon, Cyber Security Engineer at Unum Group, present on “Secure from the Start: A Case Study on Software Security... READ MORE

Embracing the “Sec” in DevSecOps: How Veracode and AWS Work Together to Help You Build Secure Apps

jyeras's picture
By Jay Yeras June 19, 2019
Tips on optimizing the

Developers, like most builders, are creative critical thinkers who take pride in their work. Let’s focus on the word “builder” for a moment. During the industrial revolution, we saw a shift in manufacturing where time-consuming processes were made more efficient through automation. With that, we also saw the concept of an assembly line and interchangeable parts transform businesses. The idea was... READ MORE

Live From Gartner Security & Risk Mgmt Summit: Pair Security Trainings With Technical Controls

Live from Gartner Security and Risk Mgmt Summit

“We often forget that technology cannot solve the world’s problems.” That was one of the opening lines of Joanna Huisman’s session “Magic Quadrant for Security Awareness Computer-Based Training” at the Gartner Security & Risk Management Summit in National Harbor, MD. While her Magic Quadrant doesn’t address DevSecOps trainings, I took away some valuable lessons that also apply to this area.... READ MORE

Application Security Beyond Static Analysis

sciccone's picture
By Suzanne Ciccone June 18, 2019  | Managing AppSec

table thead th, table tbody td, table tr td { border-left: 1px solid #e5e5e5; } .blog-home-page .content-wrapper table th { color: #000; } .table-overflow { overflow-x: auto; } There is no application security “silver bullet” – it takes a combination of testing types to effectively reduce your risk. Each testing method has a different role to play and works best when used in... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 


 

 

contact menu