Managing AppSec

When your application security program is up and running, you need best-practice advice on managing and growing the program. Our security experts will guide you through important steps like measuring the success of your program or expanding it to cover more of the application landscape.

Introducing Veracode’s New Analytics Capabilities

ctartow's picture
By Colleen Tartow July 3, 2019  | Managing AppSec
Announcing Veracode's new analytics capabilities

If we have data, let's look at data. If all we have are opinions, let's go with mine." -- Jim Barksdale The ability to report on your application security program depends on access to your AppSec data. For questions from “how can I help my board understand our current risk posture?” to “which teams are developing secure code, and which need additional AppSec training?” – data is the key. Nobody... READ MORE

Key Components to Consider When Kicking Off Your Veracode AppSec Program

mfrancis's picture
By Melissa Francis June 25, 2019  | Managing AppSec
Tips from a seasoned security program manager on getting AppSec started on the right foot

I’ve been working as a Veracode security program manager since 2013, and have adopted AppSec best practices in those six years that contribute to successful AppSec programs. I started my journey here as a program manager and was fortunate enough to manage and lead some of Veracode’s largest and most complex customer programs. Today, I’m managing a team of program managers. In this blog, I will... READ MORE

Veracode to showcase DevSecOps solutions at inaugural AWS re:Inforce

pnodoushani's picture
By Paiman Nodoushani June 25, 2019  | Managing AppSec

Developers and security professionals from around the world are descending on Boston this week to attend the first AWS security conference, re:Inforce, for what promises to be one of the most exciting events in recent memory in the industry. As a pioneer of application security that is helping educate both security and dev teams in building more secure code, Veracode is proud to be a platinum... READ MORE

Live From Gartner Security & Risk Mgmt Summit: Starting an AppSec Program, Part 2

ckirsch's picture
By Chris Kirsch June 20, 2019  | Managing AppSec
Get details on Unum's journey to AppSec maturity.

This is part two of a two-part blog series on a presentation by Hooper Kincannon, Cyber Security Engineer at Unum Group, on “Secure from the Start: A Case Study on Software Security” at the Gartner Security & Risk Management Summit in National Harbor, MD. In this presentation, Hooper provided a great blueprint for starting a DevSecOps program. In part one, I summarized how Hooper got buy-in... READ MORE

Live From Gartner Security & Risk Mgmt Summit: Starting a Web Application Security Program

ckirsch's picture
By Chris Kirsch June 20, 2019  | Managing AppSec
Get advice on building out your AppSec program

Bootstrapping an application security program is hard. Technology is only one part of the equation. You need to inventory your applications, get stakeholders on board, and then execute on the holy trinity of people, process, and technology. That’s why I was excited to see Hooper Kincannon, Cyber Security Engineer at Unum Group, present on “Secure from the Start: A Case Study on Software Security... READ MORE

Embracing the “Sec” in DevSecOps: How Veracode and AWS Work Together to Help You Build Secure Apps

jyeras's picture
By Jay Yeras June 19, 2019
Tips on optimizing the

Developers, like most builders, are creative critical thinkers who take pride in their work. Let’s focus on the word “builder” for a moment. During the industrial revolution, we saw a shift in manufacturing where time-consuming processes were made more efficient through automation. With that, we also saw the concept of an assembly line and interchangeable parts transform businesses. The idea was... READ MORE

Live From Gartner Security & Risk Mgmt Summit: Pair Security Trainings With Technical Controls

Live from Gartner Security and Risk Mgmt Summit

“We often forget that technology cannot solve the world’s problems.” That was one of the opening lines of Joanna Huisman’s session “Magic Quadrant for Security Awareness Computer-Based Training” at the Gartner Security & Risk Management Summit in National Harbor, MD. While her Magic Quadrant doesn’t address DevSecOps trainings, I took away some valuable lessons that also apply to this area.... READ MORE

Application Security Beyond Static Analysis

sciccone's picture
By Suzanne Ciccone June 18, 2019  | Managing AppSec

table thead th, table tbody td, table tr td { border-left: 1px solid #e5e5e5; } .blog-home-page .content-wrapper table th { color: #000; } .table-overflow { overflow-x: auto; } There is no application security “silver bullet” – it takes a combination of testing types to effectively reduce your risk. Each testing method has a different role to play and works best when used in... READ MORE

Developer Dilemma: Where Does the Security Knowledge Gap Come From, and How Do We Fix It?

vlattell's picture
By Valerie Lattell May 28, 2019

When a security-related defect is found in code, it’s easy for security teams to jump to conclusions and place the blame on the developers. However, security teams need to change their approach to this issue and start understanding why there is a gap in developers’ security knowledge. Furthermore, how can we overcome that hurdle and provide our developers the tools they need to produce secure... READ MORE

Veracode Announces New DevOps Penetration Testing Service

teston's picture
By Tom Eston May 21, 2019
Get details on Veracode's new DevOps penetration testing

DevSecOps can be challenging for many organizations when you consider all the areas of the DevOps process that require security testing. Organizations that begin to shift security “left” often find significant gaps in the security of infrastructure and operational components that are now integrated into the development process. Many of the technologies being used in DevOps are also very new to... READ MORE



contact menu