Managing AppSec

When your application security program is up and running, you need best-practice advice on managing and growing the program. Our security experts will guide you through important steps like measuring the success of your program or expanding it to cover more of the application landscape.

Lessons Learned Building an Application Security Team

cdomoney's picture
By Colin Domoney March 14, 2017  | Managing AppSec
Building an application security team.

In 2012, I joined a large investment bank in London to start and grow its application security programme from the ground up. My initial focus was on the selection of the best tool for the job; namely, a static code analysis scanner that could be deployed easily, and scale widely. Within a few months, I had access to the Veracode Application Security Platform, and I was ready to start scanning my... READ MORE

A Few of My Lessons Learned Building an AppSec Program

cdomoney's picture
By Colin Domoney March 13, 2017  | Managing AppSec

I recently joined Veracode after spending five years building an application security program from the ground up at a global investment bank. This experience gives me a unique perspective on the struggles and hurdles our customers are facing, and puts me in a position to share my lessons learned and provide helpful information and advice for those starting or managing a growing application... READ MORE

Your Next Steps if Your AppSec Program Is in the Baseline Stage

sciccone's picture
By Suzanne Ciccone March 9, 2017  | Managing AppSec

This is the second entry in a blog series that looks at each stage of an application security program’s maturity and outlines what the next steps are to move toward an advanced program. We typically see organizations fall within one of these four stages of application security: Reactive Baseline (you're here!) Expanded Advanced If you are in the baseline application security stage,... READ MORE

Technologies Designed or Transformed for DevSecOps-Enablement

jfeiman's picture
By Joseph Feiman March 8, 2017  | Managing AppSec
DevSecOps-Enablement Technologies

As we outlined in a previous blog post, if we are to choose ideal technologies for DevOps, they should be the ones that are: 1) invisible to Dev and Ops teams, 2) do not require learning by Dev and Ops, 3) run practically by themselves, without Dev and Ops interference, 4) continuously test applications in increments, 5) not only detect vulnerabilities, but also protect applications against... READ MORE

Managing Flaw Review with a Large Multi-Vendor Application

cdomoney's picture
By Colin Domoney March 2, 2017  | Managing AppSec

The previous blog post in this series discussed strategies for the large-scale deployment of the Veracode static code analysis tool across a large enterprise, focusing on strategies and techniques for ensuring rapid adoption within individual development teams typically responsible for self-contained homogenous applications. However, in a large enterprise, there are applications that are... READ MORE

How to Run a Successful Proof of Value for an Application Security Programme

cdomoney's picture
By Colin Domoney March 1, 2017  | Managing AppSec

So you’ve got upper management buy-in for your application security proof of value and are ready to start scanning applications: how do you make sure your proof of value (PoV) is a success and that you demonstrate the need to progress to a full-scale program? This article describes some of the lessons learned at the start of our large-scale deployment of Veracode within our organisation.... READ MORE

Strategies for Rapid Adoption of a Security Programme Within a Large Enterprise

cdomoney's picture
By Colin Domoney March 1, 2017  | Managing AppSec

A large-scale deployment of the Veracode static code analysis platform across a large enterprise presents a number of unique challenges, such as understanding your application estate, prioritising your applications for scanning, and communicating with your application owners. This blog post provides some guidance based on my experience at delivering several hundred scanned applications in a 14-... READ MORE

Critical Capabilities that DevSecOps Technologies Should Demonstrate

jfeiman's picture
By Joseph Feiman February 28, 2017  | Managing AppSec
Critical Capabilities that DevSecOps Technologies Should Demonstrate

As we outlined in a previous blog post, security technologies, in order to fit DevOps and other agile development processes, should be at the fingertips of Dev and Ops professionals. Yet, neither group is necessarily proficient in security, security is not their priority, and security tools are often unintuitive to people outside the security industry. Cloud-based application security services (... READ MORE

Your Next Steps if Your AppSec Program Is in the Reactive Stage

sciccone's picture
By Suzanne Ciccone February 23, 2017  | Managing AppSec
Reactive application security programs should follow these steps.

This is the first blog in a series that will look at each stage of an application security program’s maturity and outline what the next steps are to move toward an advanced program. We typically see organizations fall within one of these four stages of application security: Reactive (you're here!) Baseline Expanded Advanced If you are in the first stage and taking a reactive approach... READ MORE

How important is it to stay on top of the quickly evolving landscape of application security and application layer risk?

sciccone's picture
By Suzanne Ciccone February 9, 2017  | Managing AppSec

In a word, very. You simply cannot secure your application layer without being one step ahead of application security threats and solutions. The problem is that it’s almost impossible to keep up in the face of the current security skills shortage. In a report titled, “Hackers Wanted: An Examination of the Cybersecurity Labor Market,” the RAND Corporation states that: “It... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu