Managing AppSec

When your application security program is up and running, you need best-practice advice on managing and growing the program. Our security experts will guide you through important steps like measuring the success of your program or expanding it to cover more of the application landscape.

Veracode’s CISO on the Journey from Compliant to Secure

By Bill Brown October 18, 2016  | Managing AppSec
A CISO's journey from compliant to secure.

As a relatively new CIO with responsibility for information security, I remember agonizing about making sure we could pass the latest compliance test. The whole process was fraught with inefficiencies, with different teams responding with evidence for similar control objectives associated with different control standards. It was death by a thousand controls. It didn’t matter which standard...

Don’t Let Your AppSec Plan Go the Way of Your New Year’s Resolution

By Suzanne Ciccone September 27, 2016  | Managing AppSec
AppSec plans and New Year's resolutions.

With the wrong approach, your AppSec solution could go the way of your treadmill: a great piece of equipment, but not really producing results. Keep in mind that technology is only one part of an AppSec solution, and a technology-focused AppSec plan will end up like your technology-focused New Year’s resolution: a dust-coated treadmill with clothes draped all over it. The equipment...

Security Grows Up

By Suzanne Ciccone September 21, 2016  | Managing AppSec
As the software landscape matures, security must mature with it.

The technology landscape has changed and evolved to the point where old security tactics are no longer sufficient. In the same way that the tactics you use to keep your kids safe when they’re babies become ineffective, and actually detrimental to them, as they grow, sticking with old IT security tactics will not only leave you insecure, but will also hold back innovation, and your...

Three Reasons AppSec Policies Matter

By Suzanne Ciccone September 16, 2016  | Managing AppSec
AppSec policies help prioritize, communicate, and benchmark efforts to secure code.

You probably get a lot of email. Do you give every email the same level of attention? Do you read, craft a thoughtful response, and immediately complete any follow-on tasks for every single message as it comes in? If you do, congrats, but you probably don’t spend your days doing much else! Whether you know it or not, you have a policy regarding your email. Maybe you...

Introducing Dynamic Vulnerability Rescan: How Security Can Keep Up With the Speed of Development

By Bhavna Sarathy August 29, 2016  | Managing AppSec
Introducing Dynamic Rescanning from Veracode

As an application owner, you have the task of staying abreast of the security issues in critical applications soon to hit production. You need a workflow that lets you quickly confirm that the vulnerabilities found in a full dynamic scan have been addressed by development. You also have to produce a report to the business listing the vulnerabilities that have been addressed and those that...

The Language of AppSec

By Brian Pitta August 26, 2016  | Managing AppSec
Language differences in application security.

Everyone has weird language issues they just can’t get right; mine is ordering at Starbucks. If the store doesn’t have sizes on display that I can awkwardly point to, I end up panicking, ordering a “tall,” and walking away disappointed with my small coffee. Starbucks and I just can’t speak the same language (yes, it’s my fault). This problem of speaking...

Don’t Get Left Behind: How Security Can Keep Up With the Speed of Development

By Bhavna Sarathy August 19, 2016  | Managing AppSec
Development speed doesn't need to be slowed by security.

You are tasked with ensuring that critical applications soon to hit production are secure. As an application owner, you meticulously configure a dynamic scan: the features you want enabled, crawl scripts, login scripts, whitelisting and blacklisting of specific sites. Then you kick off the scan. It runs for a few days. But the production deadline is looming, and your developers...

Taking The Worry Out Of Component Usage

By Christine Hausammann August 10, 2016  | Managing AppSec

Software development is changing fast, with one of the biggest recent changes being the shift to open source software. Although this change opens up a whole new world of coding possibilities, it also introduces new challenges and problems. What’s the best way to balance its advantages and risks? Education recently experienced a similar shift. Harvard and MIT launched EdX not so long ago....

Why Focusing on “Shark Attack” Exploits is the Wrong Strategy

It seems like every summer there’s another horror story about shark sightings and attacks at local beaches. JAWS taught us all that sharks are scary and should be avoided in the open ocean. That’s pretty solid advice and I can’t argue with it. But you know what else is good advice for enjoying the perfect beach day? Knowing how to swim, wearing sunscreen, staying under an...

3 Ways to Improve Your AppSec Program

By Nabil Bousselham July 15, 2016  | Managing AppSec

It’s not a secret that applications have been a top vector for data breaches over the last five years (DBIR 2015). As organizations wade deeper into the DevOps era, it’s clear that a mature application security program is a key pillar of organizational success. In this article I would like to present three ways to improve your application security program. 1. Establish a risk...
