Managing AppSec

When your application security program is up and running, you need best-practice advice on managing and growing the program. Our security experts will guide you through important steps like measuring the success of your program or expanding it to cover more of the application landscape.

Where Does Our AppSec Program Go From Here? Ask Yourself These Questions

By Suzanne Ciccone December 7, 2016  | Managing AppSec
How to improve your appsec program.

If you’ve just begun an application security program, but aren’t sure where to go next, here are a few questions to help point you in the right direction. Are you using more than one type of assessment technique? If not, how certain are you that your one method is locating every type of vulnerability? There is no application security silver bullet. If you’re only testing with... READ MORE

Application Security Predictions for 2017 and Beyond

By Joseph Feiman December 6, 2016  | Managing AppSec
Application Security Predictions 2017

As 2016 winds down, I’ve been reflecting on how far the application security market has come over the past 12 years I’ve been involved in the industry. We’ve come a long way. But as technology continues to evolve, so will application security. The growing trend of continuous development, increasing use of third-party and open-source components, and the surging number of... READ MORE

Is Your Dynamic Scanning Context Aware?

By Joe Pelletier December 6, 2016  | Managing AppSec
Dynamic analysis, context aware scanning.

When it comes to dynamic scanning, speed and accuracy are critical factors. Developers and security teams have no time for false positives, especially in a world where the time between releases is increasingly compressed. Yet a common vulnerability found by dynamic scanners is Cross-Site Scripting (XSS), and these vulnerabilities are often either false positive or missed due to poor coverage. In... READ MORE

How Are You Approaching AppSec? Here’s What Your Peers Are Doing … or Not Doing

By Suzanne Ciccone December 5, 2016  | Managing AppSec
Application security survey and poll results.

We recently surveyed 308 security professionals responsible for application security (AppSec) to find out the struggles they’re facing and the tactics they’re employing in securing their application layer. In analyzing the responses, we found that what the respondents are not doing regarding application security is often more revealing than what they are doing. The bottom line is that... READ MORE

Strengthening Your Security With Mundane—But Often-Overlooked—App Maintenance

By Evan Schuman December 1, 2016  | Managing AppSec
A Healthy Salad

It's often said in security circles that a massive percentage of intrusions and breaches could be thwarted by the IT equivalent of eating your vegetables and exercising regularly. Whereas CFOs are often attracted to—or, in some cases, repelled by—the shiny objects of high-end security defenses, the mundane wash-your-hands-before-eating rules have the most impact. That means not... READ MORE

What Makes an AppSec Program Successful: A Program Management Perspective

By Pejman Pourmousa November 30, 2016  | Managing AppSec
What Makes an AppSec Program Successful

I have spent the entirety of my career in the area of services management and delivery, specifically around compliance, risk and security. I have had the good fortune of seeing over 1,300 program deployments across all size companies spanning every industry. Today, I am the Director of Program Management at Veracode, working to help customers successfully adopt Veracode’s solutions. I... READ MORE

Regulations like FS-ISAC and PCI are now looking at the security of open source components, are you ready?

By Tim Jarrett November 29, 2016  | Managing AppSec
Regulations that will look at the security of open source components

For years, organizations have “checked the box” by doing the minimum to meet security standards like PCI and FS-ISAC, but a rising tide of breaches has caused most auditors to look more seriously at organizations’ security practices, including the security of open source components. Do your developers use open source components? Are you prepared to answer regulators about their... READ MORE

A Single AppSec Technology Is Not Enough

By Suzanne Ciccone November 25, 2016  | Managing AppSec
Best appsec solution requires multiple assessment types.

There is no application security silver bullet; if you’re relying on only one technology, you are leaving your organization open to attack. Over the past 10 years, we have scanned 2 trillion-plus lines of code, and we consistently see that different testing types are better at uncovering different vulnerabilities, and that one testing type is not enough. Our most recent State of Software... READ MORE

What’s Your No. 1 AppSec Concern? Here’s What Our Survey Respondents Say

By Suzanne Ciccone November 18, 2016  | Managing AppSec
AppSec Survey Results

We recently surveyed 308 security professionals in the US and UK tasked with application security to find out their top AppSec concerns, stumbling blocks and tactics. Their biggest AppSec concern? Overwhelmingly, it was reducing the risk of attacks while building, buying and integrating more software than ever. A majority (58 percent) of survey respondents cited this as a concern. Across regions... READ MORE

Scoping for Risk Assessment

By Mitch Horton November 17, 2016  | Managing AppSec
How to scope risk in an appsec program.

Identifying the scope of Risk for an Application Security Program is not as difficult a task as it seems. Risk Strategies for network, server and desktop environments exist in almost every company, and working with the compliance group is a great starting point. If you do not have the assistance of a compliance group, then there are some great resources out there, at Veracode the Security... READ MORE
