Managing AppSec

When your application security program is up and running, you need best-practice advice on managing and growing the program. Our security experts will guide you through important steps like measuring the success of your program or expanding it to cover more of the application landscape.

Using Benchmarks to Make the Case for AppSec

By Suzanne Ciccone November 15, 2019
Benchmarks for your AppSec program

In a recent Veracode webinar on the subject of making the business case for AppSec, Colin Domoney, DevSecOps consultant, introduced the idea of using benchmarking to rally the troops around your AppSec cause. He says, “What you can do is you can show where your organization sits relative to other organizations and then your peers. If you're lagging, that's probably a good reason to further invest... READ MORE

State of Software Security v10: Top 5 Takeaways for Security Professionals

By Suzanne Ciccone November 12, 2019
What security pros should know about our latest SOSS report

It’s the 10th anniversary of our State of Software Security (SOSS) report! This year, like every year, we dug into our data from a recent 12-month period (this year we analyzed 85,000 applications, 1.4 million scans, and nearly 10 million security findings), but we also took a look back at 10 years of software security. With a decade’s worth of analysis about software vulnerabilities and the best... READ MORE

Automate Dynamic Analysis Scans With New REST APIs

By Bhavna Sarathy October 31, 2019
Integrating DAST into developer processes with REST APIs

In today’s fast-paced, technology-driven world, security breaches have become an increasingly important priority for organizations; however, ensuring that your organization remains as secure as possible can be like trying to hit a moving target. One of the most common attack vectors that results in a breach is insecure web applications. Dynamic Application Security Testing (DAST) is one of the... READ MORE

Veracode Dynamic Analysis + Jenkins: Integrate DAST Into Your CI/CD Pipeline

By Marina Kvitnitsky October 30, 2019

It’s the age-old dilemma – balancing the need to ensure applications are secure with the need to release applications and updates on faster and faster schedules. With many teams adopting the principles of DevSecOps, and implementing security checks as early as possible in the SDLC, a key aspect of success is integrating security with the tools that development teams already use. The Veracode... READ MORE

Announcing the 10th Volume of our State of Software Security Report

By Suzanne Ciccone October 22, 2019

Today marks a big milestone for Veracode, and for the application security industry – we’re releasing the 10th volume of our State of Software Security (SOSS) report. 10 SOSS reports and 80,000+ apps later, we’ve accumulated a lot of data, and a lot of insights, about application security trends and best practices. This year, we took a look back at the AppSec picture over the past 10 years, and... READ MORE

Beyond Testing: The Human Element of Application Security

By Suzanne Ciccone October 15, 2019
Effective AppSec is about more than just testing, there are some critical human elements

Companies of every size and in every industry are changing the world with software. From healthcare to agriculture, education, and manufacturing, software is enabling unprecedented advancement and innovation. But if that software is insecure, these innovations may get held up, or worse, put us at risk. And this is a very real concern; our most recent State of Software Security report found that... READ MORE

Making the Case for AppSec? Break Down Your Budget

By Suzanne Ciccone October 10, 2019
How to break down your AppSec budget ask

The bottom line on corporate decision-making comes down to the bottom line. It’s critical to demonstrate value for any new or expanded initiative. Fall short, and your odds of success are greatly diminished. How do you build the financial case for more robust AppSec, when the focus is on the impact to the bottom line? The key is understanding how to effectively design and present a budget that... READ MORE

Know Your Audience to Make the Case for AppSec

By Suzanne Ciccone September 26, 2019
Knowing your audience ups your chance of getting AppSec buy-in

Selling senior-level executives on any new concept can often feel like a trek up a mountain with a 60-pound pack on your back. So, how can you take your application security program to a new and better level with less effort? You focus on what’s really important: getting the right message to the right audience in a language they speak and connect with. Because when people hear things in terms... READ MORE

Should You Be Measuring Flaw Rate?

By Anne Nielsen August 27, 2019
Find out if flaw rate should be one of your AppSec metrics

Metrics — or perhaps more accurately, the right metrics — are crucial for understanding what’s really happening in your AppSec program. They serve a dual purpose: They demonstrate your organization’s current state, and also show what progress it’s making in achieving its objectives.  We typically recommend our customers measure their compliance against their own internal AppSec policy, plus... READ MORE

Key Ways to Make the Case for AppSec Budget

By Suzanne Ciccone August 15, 2019
Getting a bigger slice of the security budget pie for AppSec

Security departments are juggling a multitude of security initiatives, and each is competing for a slice of one budget. How do you make the case that AppSec deserves a slice of that budget pie, or a bigger slice, or even to make the pie bigger? Here are a few key ways: Find a compelling event The most obvious compelling event, of course, is a breach, but there are other events that will compel... READ MORE
