Managing AppSec

When your application security program is up and running, you need best-practice advice on managing and growing the program. Our security experts will guide you through important steps like measuring the success of your program or expanding it to cover more of the application landscape.

The Open Source Conundrum

By Mark Curphey November 15, 2018
Get details on our upcoming open source road show

If you’ve read or watched the news at all in the last five years, you know that securing software is challenging. And in today’s world, developers are shouldering a big part of this challenge. Here lies the conundrum. Developers are in the best position to secure code, but security is often not one of their priorities. With the shift to DevOps in recent years, development is all about speed of... READ MORE

Developer Tooling: A New Hope

By Mark Curphey November 1, 2018
New dev tools will advance AppSec, not hinder it.

With all the doom and gloom surrounding the endless stream of data breaches, it’s sometimes easy to feel pessimistic about the future state of the AppSec industry. I should know, being British, my default psyche is that the glass is always half empty, not half full. But for me, AppSec is different. I have been in the AppSec business for almost 20 years and have never felt as optimistic that we... READ MORE

Application Security Mistake No. 6: Going It Alone

By Suzanne Ciccone October 9, 2018
Why outside help is critical for AppSec success.

We’ve been in the application security business for more than 10 years, and we’ve learned a lot in that time about what works, and what doesn’t. This is the sixth and final post in a blog series that takes a look at some of the most common mistakes we see that lead to failed AppSec initiatives. Use our experience to make sure you avoid these mistakes and set yourself up for application security... READ MORE

The View From a Veracode Solution Architect: My Top 5 Lessons Learned

By John Smith October 8, 2018
Lessons learned from Veracode implementations over the years

I recently had an interesting question from a prospective customer: What are the top 5 lessons learned from implementing your solution at companies similar to ours? After careful thought, and soliciting input from my fellow solution architects in the EMEA region, I came up with the list below. We’re sharing it here in the hopes it proves useful to others as they work to develop software both... READ MORE

Application Security Mistake No. 5: Lack of Buy-In

By Suzanne Ciccone September 13, 2018
Why buy-in is critical for AppSec success.

We’ve been in the application security business for more than 10 years, and we’ve learned a lot in that time about what works, and what doesn’t. This is the fifth in a blog series that takes a look at some of the most common mistakes we see that lead to failed AppSec initiatives. Use our experience to make sure you avoid these mistakes and set yourself up for application security... READ MORE

Veracode Users Talk About Selecting an AppSec Solution

By Suzanne Ciccone September 10, 2018
Get advice from Veracode users on selecting an AppSec solution.

With the shift to DevSecOps, developers are now primarily responsible for security testing in the early phases of the SDLC. If developers are conducting security testing, the old rules for selecting an application security solution no longer apply. What do application security selection criteria look like in a DevSecOps world? Veracode users are talking about this shift and their new selection... READ MORE

“Shifting Left” Requires Remediation Guidance

By Suzanne Ciccone September 7, 2018
Why remediation guidance is key to shifting security left

Shifting security “left” is about more than simply changing the timing of testing. When security shifts to earlier phases of the development lifecycle, it also changes the players responsible for conducting the testing and addressing the results. In the not-so-distant past, the security team would conduct most security testing late in the software development process, pass the results back “over... READ MORE

Application Security Mistake No. 4: Ignoring AppSec Policies

By Suzanne Ciccone August 30, 2018
Why policies are critical to AppSec success.

We’ve been in the application security business for more than 10 years, and we’ve learned a lot in that time about what works, and what doesn’t. This is the third in a blog series that takes a look at some of the most common mistakes we see that lead to failed AppSec initiatives. Use our experience to make sure you avoid these mistakes and set yourself up for application security... READ MORE

Trends in Open Source Security

By Suzanne Ciccone August 28, 2018
Get our VP of Strategy's take on open source security trends.

We recently held a Virtual Summit centered on the topic of open source library use and risk. Mark Curphey, Veracode’s VP of Strategy, gave the keynote address on trends in this space. Curphey, who is also the founder of OWASP and previously CEO of SourceClear (recently acquired by Veracode), believes that we are at a fundamental turning point in application security. He sees this shift stemming... READ MORE

What About the Testing You Can't Automate?

By Chris Wysopal August 23, 2018
How do manual security tests fit into DevOps?

The shift to DevSecOps is altering the security role in some fundamental ways. We’ve seen this new environment changing not only the security team’s tasks and responsibilities, but also their mindset. Specifically, the security team has had to shift from thinking like a “breaker” to thinking like a “builder.” Rather than focusing on auditing the code at the end of the development cycle, they now... READ MORE
