Managing AppSec

When your application security program is up and running, you need best-practice advice on managing and growing the program. Our security experts will guide you through important steps like measuring the success of your program or expanding it to cover more of the application landscape.

Application Security Mistake No. 5: Lack of Buy-In

By Suzanne Ciccone September 13, 2018
Why buy-in is critical for AppSec success.

We’ve been in the application security business for more than 10 years, and we’ve learned a lot in that time about what works, and what doesn’t. This is the fifth in a blog series that takes a look at some of the most common mistakes we see that lead to failed AppSec initiatives. Use our experience to make sure you avoid these mistakes and set yourself up for application security...

Veracode Users Talk About Selecting an AppSec Solution

By Suzanne Ciccone September 10, 2018
Get advice from Veracode users on selecting an AppSec solution.

With the shift to DevSecOps, developers are now primarily responsible for security testing in the early phases of the SDLC. If developers are conducting security testing, the old rules for selecting an application security solution no longer apply. What do application security selection criteria look like in a DevSecOps world? Veracode users are talking about this shift and their new selection...

“Shifting Left” Requires Remediation Guidance

By Suzanne Ciccone September 7, 2018
Why remediation guidance is key to shifting security left

Shifting security “left” is about more than simply changing the timing of testing. When security shifts to earlier phases of the development lifecycle, it also changes the players responsible for conducting the testing and addressing the results. In the not-so-distant past, the security team would conduct most security testing late in the software development process, pass the results back “over...

Application Security Mistake No. 4: Ignoring AppSec Policies

By Suzanne Ciccone August 30, 2018
Why policies are critical to AppSec success.

We’ve been in the application security business for more than 10 years, and we’ve learned a lot in that time about what works, and what doesn’t. This is the third in a blog series that takes a look at some of the most common mistakes we see that lead to failed AppSec initiatives. Use our experience to make sure you avoid these mistakes and set yourself up for application security...

Trends in Open Source Security

By Suzanne Ciccone August 28, 2018
Get our VP of Strategy's take on open source security trends.

We recently held a Virtual Summit centered on the topic of open source library use and risk. Mark Curphey, CA Veracode’s VP of Strategy, gave the keynote address on trends in this space. Curphey, who is also the founder of OWASP and previously CEO of SourceClear (recently acquired by CA Veracode), believes that we are at a fundamental turning point in application security. He sees this shift...

What About the Testing You Can't Automate?

By Chris Wysopal August 23, 2018
How do manual security tests fit into DevOps?

The shift to DevSecOps is altering the security role in some fundamental ways. We’ve seen this new environment changing not only the security team’s tasks and responsibilities, but also their mindset. Specifically, the security team has had to shift from thinking like a “breaker” to thinking like a “builder.” Rather than focusing on auditing the code at the end of the development cycle, they now...

AppSec Mistake No. 3: Neglecting to Integrate AppSec Into Developer Processes

By Suzanne Ciccone August 15, 2018
Why it's a mistake to not integrate your security testing into dev processes

We’ve been in the application security business for more than 10 years, and we’ve learned a lot in that time about what works, and what doesn’t. This is the third in a blog series that takes a look at some of the most common mistakes we see that lead to failed AppSec initiatives. Use our experience to make sure you avoid these mistakes and set yourself up for application security...

AppSec Mistake No. 2: Ignoring Open Source Library Use

By Suzanne Ciccone August 3, 2018
How to manage the risk of open source libraries.

We’ve been in the application security business for more than 10 years, and we’ve learned a lot in that time about what works, and what doesn’t. This is the second in a blog series that takes a look at some of the most common mistakes we see that lead to failed AppSec initiatives. Use our experience to make sure you avoid these mistakes and set yourself up for application security success. Open...

Black Hat 2018: The Art of Secure Code

By Sam King August 2, 2018
CA Veracode talks art of secure code at Black Hat 2018

This year’s Black Hat conference has some of the most diverse and intriguing sessions of any recent industry event. Attendees will have the opportunity to explore hacking of voting booths, learn about vulnerabilities in critical infrastructure and see live demos of how attackers can alter functionality of some of the most popular digital payment systems. These vastly different threats have...

The Art of Secure Code

By Suzanne Ciccone August 1, 2018
We're talking the art of secure code at Black Hat 2018

We think a high-quality and highly secure app is a work of art. As with any artistic endeavor, it takes creativity, resources, training, and talent to create secure code. Maybe it’s a little bit of a stretch to compare your software developers to Picasso, but we would argue that there are a lot of similarities between creating a great piece of secure code and a great piece of art. For example, both...
