Managing AppSec

When your application security program is up and running, you need best-practice advice on managing and growing the program. Our security experts will guide you through important steps like measuring the success of your program or expanding it to cover more of the application landscape.

Trends in Open Source Security

By Suzanne Ciccone August 28, 2018
Get our VP of Strategy's take on open source security trends.

We recently held a Virtual Summit centered on the topic of open source library use and risk. Mark Curphey, Veracode’s VP of Strategy, gave the keynote address on trends in this space. Curphey, who is also the founder of OWASP and previously CEO of SourceClear (recently acquired by Veracode), believes that we are at a fundamental turning point in application security. He sees this shift stemming... READ MORE

What About the Testing You Can't Automate?

By Chris Wysopal August 23, 2018
How do manual security tests fit into DevOps?

The shift to DevSecOps is altering the security role in some fundamental ways. We’ve seen this new environment changing not only the security team’s tasks and responsibilities, but also their mindset. Specifically, the security team has had to shift from thinking like a “breaker” to thinking like a “builder.” Rather than focusing on auditing the code at the end of the development cycle, they now... READ MORE

AppSec Mistake No. 3: Neglecting to Integrate AppSec Into Developer Processes

By Suzanne Ciccone August 15, 2018
Why it's a mistake to not integrate your security testing into dev processes

We’ve been in the application security business for more than 10 years, and we’ve learned a lot in that time about what works, and what doesn’t. This is the third in a blog series that takes a look at some of the most common mistakes we see that lead to failed AppSec initiatives. Use our experience to make sure you avoid these mistakes and set yourself up for application security... READ MORE

AppSec Mistake No. 2: Ignoring Open Source Library Use

By Suzanne Ciccone August 3, 2018
How to manage the risk of open source libraries.

We’ve been in the application security business for more than 10 years, and we’ve learned a lot in that time about what works, and what doesn’t. This is the second in a blog series that takes a look at some of the most common mistakes we see that lead to failed AppSec initiatives. Use our experience to make sure you avoid these mistakes and set yourself up for application security success. Open... READ MORE

Black Hat 2018: The Art of Secure Code

By Sam King August 2, 2018
Veracode talks art of secure code at Black Hat 2018

This year’s Black Hat conference has some of the most diverse and intriguing sessions of any recent industry event. Attendees will have the opportunity to explore hacking of voting booths, learn about vulnerabilities in critical infrastructure and see live demos of how attackers can alter functionality of some of the most popular digital payment systems. These vastly different threats have... READ MORE

The Art of Secure Code

By Suzanne Ciccone August 1, 2018
We're talking the art of secure code at Black Hat 2018

We think a high-quality and highly secure app is a work of art. As with any artistic endeavor, it takes creativity, resources, training, and talent to create secure code. Maybe it’s a little bit of a stretch to compare your software developers to Picasso, but we would argue that there are a lot of similarities between creating a great piece of secure code and a great piece of art. For example, both... READ MORE

AppSec Mistake No. 1: Using Only One Testing Type

By Suzanne Ciccone July 30, 2018
Learn from the top AppSec mistakes we see.

We’ve been in the application security business for more than 10 years, and we’ve learned a lot in that time about what works, and what doesn’t. This is the first in a blog series that takes a look at some of the most common mistakes we see that lead to failed AppSec initiatives. Use our experience to make sure you avoid these mistakes and set yourself up for application security success. The... READ MORE

Veracode Dynamic Analysis Helps You Check Your Security Headers

By Saikrishna Chavali July 30, 2018
Security Header Recommendations

Veracode Dynamic Analysis helps you follow Google I/O 2018 security recommendations

I've been binging on the Google I/O 2018 videos. I guess every web geek does! One video caught my attention: Google Chrome security team's improvements to fight off the Spectre & Meltdown "celebrity" vulnerabilities. They're using software at the browser level to mitigate against a hardware vulnerability. How... READ MORE

Veracode Dynamic Analysis: Reduce the Risk of a Breach

By Bhavna Sarathy July 18, 2018
Details on our new Dynamic Analysis offering

Veracode Dynamic Analysis is a dynamic scanning solution that features automation, depth of coverage, and unmatched scalability. Built on microservices and cloud technologies, the Veracode Dynamic Analysis solution is available on the Veracode SaaS platform. Veracode Dynamic Analysis helps both vulnerability managers tasked with safeguarding the entire web application portfolio, and AppSec... READ MORE

Announcing New Veracode Dynamic Analysis

By Bhavna Sarathy July 5, 2018
Find out about our new Dynamic Analysis.

Effective application security assesses applications across the entire software lifecycle – beyond the development phase and into production. Why is this necessary? If you’ve shifted security left, into the development process, why do you need to shift it right into production? To put it bluntly: Because people aren’t perfect, and bad guys never sleep. With the speed of today’s development... READ MORE
