When your application security program is up and running, you need best-practice advice on managing and growing the program. Our security experts will guide you through important steps like measuring the success of your program or expanding it to cover more of the application landscape.
- New Cyberspace Solarium Commission Report Offers Words of Warning for AppSec
A recent report from the Cyberspace Solarium Commission (CSC) includes detailed plans for guiding cybersecurity policies in the United States, which the commission feels is necessary to prevent catastrophic fallout from breaches and attacks for corporations and citizens alike. The report, released to the public in early March, embraces recommendations based on six pillars that the commission READ MORE
- Financial Sector Cybersecurity Framework Profile Consolidates Regulatory Requirements
Cyberattacks are an all too common occurrence, especially for financial institutions. In response, we are seeing an influx of security rules and regulations for financial institutions to follow. And – although the regulations are beneficial – complying with the regulations can be time consuming and costly. According to findings from the technology division of the Banking Policy Institute (BITS READ MORE
- To Scan or Not to Scan? Why Frequency Matters for DevSecOps
Frequency matters. We know from our 10th annual State of Software Security report (SOSS) that when development teams scan their code for security more than 300 times per year, they can reduce their security debt by five times. That’s five times less risk carried around by developers, freeing them up to focus on improving processes and tackling the most dangerous vulnerabilities. Recently, READ MORE
- AppSec Analytics and Reporting Tools Give You the Edge of Insight
As DevSecOps takes hold, more developers are taking on security-minded responsibilities. Instituting strong AppSec governance with policies backed by analytics and reporting enables developers to focus on real-world problems and deliver secure code ahead of schedule. It’s all in the numbers. When development and security teams invest in the right tools to speed up their processes and improve READ MORE
I’ll let you in on a little secret. Most hacks are boring. They aren’t the crazy, complicated “Ocean’s Eleven” style plan within a plan hacks you might see on TV or in the movies. To most people, actually hacking a website would be pretty boring. There are pieces of software you can grab off the Internet, point at a website, and data pops out. Those who take the time to learn basic techniques of READ MORE
Who is responsible for software security? This question has been asked by many in the industry. It’s asked because when major software vulnerabilities lead to data breaches or major problems, some may want to know who to blame. Others want to know how to prevent such mistakes in the future. Where should resources be directed to help prevent software vulnerabilities? Focus has increased READ MORE
- How Do You Encourage Developers to Be Passionate about Security? Give Them Some Grit
Most security teams and security executives want developers to care about application security. This is not to say that developers don’t care about security. Such a sweeping generalization is simply not appropriate. There are developers who care. Still, what organizations want most is to increase the number of developers that do care and decrease security bugs in their software. No one READ MORE
- Four Critical Steps to Speeding up DevSecOps Programs
The power of DevSecOps is undeniable. As more organizations adopt this methodology, it’s clearer than ever that writing secure code isn’t more time-consuming or complicated than writing insecure code—it all comes down to the right tools, training, and integrations. Incorporating security-minded processes into the development cycle early and often exposes developers to flaws and vulnerabilities READ MORE
- Weighing Pros and Cons to Select AppSec Testing Types
When determining the right testing types for your application security (AppSec) program, there are several questions that likely come to mind: What is the difference between the various AppSec tests? What vulnerabilities do the tests uncover? How many testing types do I need to include in my program? You can answer these questions and form the appropriate mix of security tests for your READ MORE
RSA is fast approaching, and as we here at Veracode are busy prepping for our trip out to San Francisco, we have been thinking about the theme of this year’s RSA conference – “the human element” – and what that means for us and for application security. The RSA Conference website explains that the “human element” theme this year highlights that “the actions we [security] take can affect every READ MORE