Managing AppSec

When your application security program is up and running, you need best-practice advice on managing and growing the program. Our security experts will guide you through important steps like measuring the success of your program or expanding it to cover more of the application landscape.

Your Next Steps if Your AppSec Program Is in the Baseline Stage

By Suzanne Ciccone March 9, 2017  | Managing AppSec

This is the second entry in a blog series that looks at each stage of an application security program’s maturity and outlines what the next steps are to move toward an advanced program. We typically see organizations fall within one of these four stages of application security: Reactive, Baseline (you're here!), Expanded, Advanced. If you are in the baseline application security stage,... READ MORE

Technologies Designed or Transformed for DevSecOps-Enablement

By Joseph Feiman March 8, 2017  | Managing AppSec

As we outlined in a previous blog post, if we are to choose ideal technologies for DevOps, they should be the ones that are: 1) invisible to Dev and Ops teams, 2) do not require learning by Dev and Ops, 3) run practically by themselves, without Dev and Ops interference, 4) continuously test applications in increments, 5) not only detect vulnerabilities, but also protect applications against... READ MORE

Managing Flaw Review with a Large Multi-Vendor Application

By Colin Domoney March 2, 2017  | Managing AppSec

The previous blog post in this series discussed strategies for the large-scale deployment of the Veracode static code analysis tool across a large enterprise, focusing on strategies and techniques for ensuring rapid adoption within individual development teams typically responsible for self-contained homogenous applications. However, in a large enterprise, there are applications that are... READ MORE

How to Run a Successful Proof of Value for an Application Security Programme

By Colin Domoney March 1, 2017  | Managing AppSec

So you’ve got upper management buy-in for your application security proof of value and are ready to start scanning applications: how do you make sure your proof of value (PoV) is a success and that you demonstrate the need to progress to a full-scale program? This article describes some of the lessons learned at the start of our large-scale deployment of Veracode within our organisation.... READ MORE

Strategies for Rapid Adoption of a Security Programme Within a Large Enterprise

By Colin Domoney March 1, 2017  | Managing AppSec

A large-scale deployment of the Veracode static code analysis platform across a large enterprise presents a number of unique challenges, such as understanding your application estate, prioritising your applications for scanning, and communicating with your application owners. This blog post provides some guidance based on my experience at delivering several hundred scanned applications in a 14-... READ MORE

Critical Capabilities that DevSecOps Technologies Should Demonstrate

By Joseph Feiman February 28, 2017  | Managing AppSec

As we outlined in a previous blog post, security technologies, in order to fit DevOps and other agile development processes, should be at the fingertips of Dev and Ops professionals. Yet, neither group is necessarily proficient in security, security is not their priority, and security tools are often unintuitive to people outside the security industry. Cloud-based application security services (... READ MORE

Your Next Steps if Your AppSec Program Is in the Reactive Stage

By Suzanne Ciccone February 23, 2017  | Managing AppSec
Reactive application security programs should follow these steps.

This is the first blog in a series that will look at each stage of an application security program’s maturity and outline what the next steps are to move toward an advanced program. We typically see organizations fall within one of these four stages of application security: Reactive (you're here!), Baseline, Expanded, Advanced. If you are in the first stage and taking a reactive approach... READ MORE

How important is it to stay on top of the quickly evolving landscape of application security and application layer risk?

By Suzanne Ciccone February 9, 2017  | Managing AppSec

In a word, very. You simply cannot secure your application layer without being one step ahead of application security threats and solutions. The problem is that it’s almost impossible to keep up in the face of the current security skills shortage. In a report titled, “Hackers Wanted: An Examination of the Cybersecurity Labor Market,” the RAND Corporation states that: “It... READ MORE

My Advice to Software Vendors: Answer Security Questions Before Your Customers Start Asking

By Christine Hausammann January 27, 2017  | Managing AppSec

Companies that sell software for a living are gradually facing more and more pressure to cough up proof of security for their products. Working on the business development team at Veracode, I’ve seen this tidal wave growing, and my best advice to software vendors is to be proactive. If you learn what to expect and how to answer different attestation requests, you’ll be ahead of many... READ MORE

Introducing Automated AppSec Consultation Scheduling

By Anne Nielsen January 27, 2017  | Managing AppSec
Automated read-out call scheduling is now available!

Simplifying the process of getting Veracode’s help fixing security findings

Veracode provides security experts on-demand to help developers make sense of the findings resulting from a security analysis – SAST, DAST, etc. These experts give developers context on Veracode’s scan results and provide advice on appropriate actions that would resolve the findings, either through a... READ MORE
