Managing AppSec

When your application security program is up and running, you need best-practice advice on managing and growing the program. Our security experts will guide you through important steps like measuring the success of your program or expanding it to cover more of the application landscape.

The Gap Between Development and Security Specialists Should Be Closed

By Joseph Feiman, November 8, 2016 | Managing AppSec
There's no reason for a gap between development and security.

All too often, application development professionals believe that application security is not their responsibility. To make matters worse, this belief is shared by their managers and CIOs, and reinforced by organizational structures and job descriptions. When asked about application security, developers might say: They are responsible only for application functionality and quality. They are not... READ MORE

Tips From the Front Lines: 4 Surefire Ways to Ensure a Successful AppSec Program

By Joe Coletta, November 7, 2016 | Managing AppSec

As a Customer Success Manager at Veracode, I work with over 60 clients to help optimize their application security programs. Security programs come in all shapes and sizes, as they should, because not every organization is built the same. However, I’ve worked with enough clients to say that, regardless of whether your organization is in the Fortune 500 or Tom, Dick & Harry, Ltd., there... READ MORE

Our Latest Research: Some AppSec Programs Are Dramatically Reducing Risk – How Are They Doing It?

By Colin Domoney, November 1, 2016 | Managing AppSec
Findings from the latest State of Software Security report.

We recently passed the 2 trillion mark for lines of code scanned. 2 trillion! That’s a lot of code, and a lot of scanning, and a lot of intelligence about what vulnerabilities are lurking where and the best ways to manage them. Our State of Software Security (SoSS) reports leverage this goldmine of data to highlight lessons learned, best practices, trends and insights for anyone starting or... READ MORE

How Dynamic Scanning Without Planning Almost Ruined My Fantasy League

By Brian Pitta, November 1, 2016 | Managing AppSec
Dynamic scanning in production

“Is your scanner production-safe?” It’s one of the first questions teams ask me when we are discussing Veracode’s Web Application Scanning and black box testing capabilities. For many, this translates to two potential issues: denial of service (DoS) – will your testing overload my application and take it down? Malicious attacks – if my application is susceptible to SQL injection, will your... READ MORE

Do You Use Open-Source Components? Find Out What Our Latest Research Reveals

By Suzanne Ciccone, October 31, 2016 | Managing AppSec
The challenge with open source components is in usage visibility.

We just published our seventh State of Software Security (SoSS) report. Based on the goldmine of data we have accumulated over the past 18 months and 300,000 security assessments, this SoSS report is intended to give security practitioners a clear picture of application security trends and how their initiatives compare to their peers’. New in this version of the report is a deep-dive look at the... READ MORE

Veracode’s CISO on the Journey from Compliant to Secure

By Bill Brown, October 18, 2016 | Managing AppSec
A CISO's journey from compliant to secure.

As a relatively new CIO with responsibility for information security, I remember agonizing about making sure we could pass the latest compliance test. The whole process was fraught with inefficiencies, with different teams responding with evidence for similar control objectives associated with different control standards. It was death by a thousand controls. It didn’t matter which standard... READ MORE

Comparing vulnerable methods with static analysis

By Asankhaya Sharma, September 28, 2016

In this blog post, we will talk a bit about traditional static analysis – what it is, what it's used for, and where our vulnerable methods analysis fits in amongst the other kinds of static analysis. Wikipedia tells us: "Static program analysis is the analysis of computer software that is performed without actually executing programs." Why wouldn't we want to execute a program in order to analyze... READ MORE

Don’t Let Your AppSec Plan Go the Way of Your New Year’s Resolution

By Suzanne Ciccone, September 27, 2016 | Managing AppSec
AppSec plans and New Year's resolutions.

With the wrong approach, your AppSec solution could go the way of your treadmill – a great piece of equipment, but not really producing results. Keep in mind that technology is only one part of an AppSec solution, and a technology-focused AppSec plan will end up like your technology-focused New Year’s resolution: a dust-coated treadmill with clothes draped all over it. The equipment... READ MORE

Security Grows Up

By Suzanne Ciccone, September 21, 2016 | Managing AppSec
As the software landscape matures, security must mature with it.

The technology landscape has changed and evolved to the point where old security tactics are no longer sufficient. In the same way that the tactics you use to keep your kids safe when they’re babies become ineffective, and actually detrimental to them, as they grow – sticking with old IT security tactics will not only leave you insecure, but will also hold back innovation, and your... READ MORE

Three Reasons AppSec Policies Matter

By Suzanne Ciccone, September 16, 2016 | Managing AppSec
AppSec policies help prioritize, communicate, and benchmark efforts to secure code.

You probably get a lot of email. Do you give every email the same level of attention? Do you read, craft a thoughtful response, and immediately complete any follow-on tasks for every single email message as it comes in? If you do, congrats – but you probably don’t spend your days doing much else! Whether you know it or not, you have a policy regarding your emails. Maybe you... READ MORE
