Managing AppSec

When your application security program is up and running, you need best-practice advice on managing and growing the program. Our security experts will guide you through important steps like measuring the success of your program or expanding it to cover more of the application landscape.

Did You Read Our Most Popular 2019 Blog Posts?

By Suzanne Ciccone January 9, 2020
Find out the most-read Veracode blogs of 2019.

What were your biggest AppSec questions and concerns in 2019? Want to find out what others’ were? Every January, we look at the most-read blog posts from the previous year, and it always proves to be a valuable exercise for us, and we hope for you as well. The posts below were favorites among our readers in 2019 and highlight the software security issues that were top of mind. Their popularity...

Security at DevOps Speed: How Veracode Reduces False Positives

By Jon Janego January 7, 2020
How Veracode ensures accurate AppSec testing results

Originally Published on November 27, 2017 -- Updated on January 7, 2020

Application security solutions that slow or stall the development process simply aren’t feasible in a DevOps world. AppSec will increasingly need to fit as seamlessly as possible into developer processes, or it will be under-used or overlooked. But overlooking AppSec puts your organization at high risk of a damaging breach....

AppSec Themes to Watch in 2020

By Suzanne Ciccone December 17, 2019
AppSec trends in 2020

Contributors: Paul Farrington, Veracode EMEA CTO; Pejman Pourmousa, Veracode VP of Services; Chris Wysopal, Veracode CTO and co-founder

As we said in the introduction to our 10th anniversary State of Software Security report this year, the last 10 years in AppSec saw both enormous change, and a fair amount of stagnation. Part of the reason for the stagnation is that software development is...

Making Moves: How to Successfully Transition to DevSecOps

By Hope Goslin December 16, 2019
Get guidance on maturing your DevSecOps program.

As we look toward the future, it is becoming critical that development organizations are not only agile and flexible but – just as important – secure. In turn, security and development need to work together more closely than ever before. When security and development are in unison, organizations can produce higher quality code quicker and more securely while reducing costs and conforming to...

DevSecOps Challenges From a Security Perspective

By Suzanne Ciccone December 6, 2019
Understanding development key to DevSecOps

The transition from DevOps to DevSecOps requires security professionals to have a whole new understanding of development processes, priorities, tools, and pain points. It’s no longer feasible for security professionals to get by with a superficial understanding of how developers work. But this understanding can be a significant undertaking for most security pros who haven’t had to be immersed in...

[VIDEO] How Veracode Leverages AWS to Eliminate AppSec Flaws at Scale

By Laura Paine November 26, 2019
Veracode has scanned more than 10 trillion lines of code

Veracode’s SaaS-native platform has scanned more than 10 trillion lines of code for security defects – that breaks down to more than 4 million applications, with 1 million of those scanned in the last year alone. By scanning in the Veracode platform, our customers benefit from the convenience of running programs, not systems, and developers free up much-needed processing power so they can...

Using Benchmarks to Make the Case for AppSec

By Suzanne Ciccone November 15, 2019
Benchmarks for your AppSec program

In a recent Veracode webinar on the subject of making the business case for AppSec, Colin Domoney, DevSecOps consultant, introduced the idea of using benchmarking to rally the troops around your AppSec cause. He says, “What you can do is you can show where your organization sits relative to other organizations and then your peers. If you're lagging, that's probably a good reason to further invest...

State of Software Security v10: Top 5 Takeaways for Security Professionals

By Suzanne Ciccone November 12, 2019
What security pros should know about our latest SOSS report

It’s the 10th anniversary of our State of Software Security (SOSS) report! This year, like every year, we dug into our data from a recent 12-month period (this year we analyzed 85,000 applications, 1.4 million scans, and nearly 10 million security findings), but we also took a look back at 10 years of software security. With a decade’s worth of analysis about software vulnerabilities and the best...

Automate Dynamic Analysis Scans With New REST APIs

By Bhavna Sarathy October 31, 2019
Integrating DAST into developer processes with REST APIs

In today’s fast-paced, technology-driven world, security breaches have become an increasingly important priority for organizations; however, ensuring that your organization remains as secure as possible can be like trying to hit a moving target. One of the most common attack vectors that results in a breach is insecure web applications. Dynamic Application Security Testing (DAST) is one of the...

Veracode Dynamic Analysis + Jenkins: Integrate DAST Into Your CI/CD Pipeline

By Marina Kvitnitsky October 30, 2019

It’s the age-old dilemma – balancing the need to ensure applications are secure with the need to release applications and updates on faster and faster schedules. With many teams adopting the principles of DevSecOps, and implementing security checks as early as possible in the SDLC, a key aspect of success is integrating security with the tools that development teams already use. The Veracode...
