Managing AppSec

When your application security program is up and running, you need best-practice advice on managing and growing the program. Our security experts will guide you through important steps like measuring the success of your program or expanding it to cover more of the application landscape.

Do You Use Open-Source Components? Find Out What Our Latest Research Reveals

By Suzanne Ciccone October 31, 2016  | Managing AppSec
The challenge with open-source components is visibility into where and how they are actually used.

We just published our seventh State of Software Security (SoSS) report. Based on the goldmine of data we have accumulated over the past 18 months and 300,000 security assessments, this SoSS report is intended to give security practitioners a clear picture of application security trends and how their initiatives compare to their peers’. New in this version of the report is a deep-dive look at the...

CA Veracode’s CISO on the Journey from Compliant to Secure

By Bill Brown October 18, 2016  | Managing AppSec
A CISO's journey from compliant to secure.

As a relatively new CIO with responsibility for information security, I remember agonizing about making sure we could pass the latest compliance test. The whole process was fraught with inefficiencies, with different teams responding with evidence for similar control objectives associated with different control standards. It was death by a thousand controls. It didn’t matter which standard...

Comparing vulnerable methods with static analysis

By Asankhaya Sharma September 28, 2016

In this blog post, we will talk a bit about traditional static analysis - what it is, what it's used for, and where our vulnerable methods analysis fits in amongst the other kinds of static analysis. Wikipedia tells us: "Static program analysis is the analysis of computer software that is performed without actually executing programs." Why wouldn't we want to execute a program in order to analyze...
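To make the distinction concrete, here is a small static check added as an illustration; it is not code from the post or its author. It parses source with Python's standard `ast` module, so the program under test is never executed, and it reports only the call sites that resolve (through import aliases) to a method on an advisory list. The `acmelib.codec` library and its `parse_blob`/`parse_legacy` entries are made up for the example; `pickle.loads` is a real function that is unsafe on untrusted input. A dependency that is merely imported is not reported, which is the point of a vulnerable-methods check as opposed to flagging the whole library.

```python
"""Minimal static 'vulnerable method' check (added example, not the post's code)."""
import ast
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed advisory list: (module, function) pairs that a vulnerability feed
# would name as the unsafe entry points. acmelib.codec is a hypothetical library;
# pickle.loads is a real function that executes arbitrary code on untrusted data.
VULNERABLE_METHODS: Set[Tuple[str, str]] = {
    ("acmelib.codec", "parse_blob"),
    ("acmelib.codec", "parse_legacy"),
    ("pickle", "loads"),
}


@dataclass(frozen=True)
class Finding:
    module: str
    function: str
    lineno: int
    caller: str  # enclosing function name, or "<module>" for top-level code


class VulnerableCallFinder(ast.NodeVisitor):
    """Resolve each call site to (module, function) via the file's import aliases."""

    def __init__(self, advisories: Set[Tuple[str, str]]):
        self.advisories = advisories
        self.module_alias: Dict[str, str] = {}            # "p" -> "pickle"
        self.name_alias: Dict[str, Tuple[str, str]] = {}  # "pb" -> ("acmelib.codec", "parse_blob")
        self.scope: List[str] = ["<module>"]
        self.findings: List[Finding] = []

    def visit_Import(self, node: ast.Import) -> None:
        for alias in node.names:
            self.module_alias[alias.asname or alias.name] = alias.name

    def visit_ImportFrom(self, node: ast.ImportFrom) -> None:
        if node.module is None:  # relative 'from . import x' is not resolved here
            return
        for alias in node.names:
            self.name_alias[alias.asname or alias.name] = (node.module, alias.name)

    def visit_FunctionDef(self, node: ast.FunctionDef) -> None:
        self.scope.append(node.name)
        self.generic_visit(node)
        self.scope.pop()

    visit_AsyncFunctionDef = visit_FunctionDef

    def _resolve(self, func: ast.expr) -> Optional[Tuple[str, str]]:
        # Bare name imported with 'from m import f [as g]'
        if isinstance(func, ast.Name):
            return self.name_alias.get(func.id)
        # 'm.f(...)' where m was bound by 'import m [as alias]'
        if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
            module = self.module_alias.get(func.value.id)
            if module is not None:
                return (module, func.attr)
        return None

    def visit_Call(self, node: ast.Call) -> None:
        target = self._resolve(node.func)
        if target in self.advisories:
            self.findings.append(Finding(target[0], target[1], node.lineno, self.scope[-1]))
        self.generic_visit(node)


def find_vulnerable_calls(source: str, advisories=VULNERABLE_METHODS) -> List[Finding]:
    """Parse `source` without running it; return call sites of advisory methods."""
    finder = VulnerableCallFinder(advisories)
    finder.visit(ast.parse(source))
    return finder.findings


# Constructed sample input: parse_legacy is imported but never called, so it is
# not reported; parse_header is called but is not on the advisory list.
SAMPLE_SOURCE = '''
import pickle as p
from acmelib.codec import parse_blob as pb, parse_header, parse_legacy

def load_session(raw: bytes):
    return p.loads(raw)          # reachable advisory method

def read_header(raw: bytes):
    return parse_header(raw)     # same library, safe method

def render(raw: bytes):
    return pb(raw).title         # reachable advisory method via alias
'''

if __name__ == "__main__":
    for f in find_vulnerable_calls(SAMPLE_SOURCE):
        print(f"{f.module}.{f.function} called at line {f.lineno} in {f.caller}()")
```

The resolver is deliberately shallow: it follows import aliases but not values passed through variables, wrappers or dynamic attribute access, which is exactly the kind of imprecision that separates a quick lint from a real call-graph analysis.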

Don’t Let Your AppSec Plan Go the Way of Your New Year’s Resolution

By Suzanne Ciccone September 27, 2016  | Managing AppSec
AppSec plans and New Year's resolutions.

With the wrong approach, your AppSec solution could go the way of your treadmill – a great piece of equipment, but not really producing results. Keep in mind that technology is only one part of an AppSec solution, and a technology-focused AppSec plan will end up like your technology-focused New Year’s resolution: a dust-coated treadmill with clothes draped all over it. The equipment...

Security Grows Up

By Suzanne Ciccone September 21, 2016  | Managing AppSec
As the software landscape matures, security has to mature with it.

The technology landscape has changed and evolved to the point where old security tactics are no longer sufficient. In the same way that the tactics you use to keep your kids safe when they’re babies become ineffective, and actually detrimental to them, as they grow – sticking with old IT security tactics will not only leave you insecure, but will also hold back innovation, and your...

Three Reasons AppSec Policies Matter

By Suzanne Ciccone September 16, 2016  | Managing AppSec
AppSec policies help prioritize, communicate, and benchmark efforts to secure code.

You probably get a lot of email. Do you give every email the same level of attention? Do you read, craft a thoughtful response, and immediately complete any follow-on tasks for every single email message as it comes in? If you do, congrats – but you probably don’t spend your days doing much else! Whether you know it or not, you have a policy regarding your emails. Maybe you...

Introducing Dynamic Vulnerability Rescan: How Security Can Keep Up With the Speed of Development

By Bhavna Sarathy August 29, 2016  | Managing AppSec
Introducing Dynamic Rescanning from CA Veracode

As an application owner, you have the task of staying abreast of the security issues in critical applications soon to hit production. You need a workflow that lets you quickly confirm that the vulnerabilities a full dynamic scan identified have been addressed by development. You also have to produce a report to the business listing the vulnerabilities that have been addressed and those that...

The Language of AppSec

By Brian Pitta August 26, 2016  | Managing AppSec
Language differences in application security.

Everyone has weird language issues they just can’t get right – mine is ordering at Starbucks. If the store doesn’t have sizes on display that I can awkwardly point to, I end up panicking, ordering a “tall,” and walking away disappointed with my small coffee. Starbucks and I just can’t speak the same language (yes, it’s my fault). This problem of speaking...

Don’t Get Left Behind: How Security Can Keep Up With the Speed of Development

By Bhavna Sarathy August 19, 2016  | Managing AppSec
Development speed doesn't need to be slowed by security.

You are tasked with ensuring that critical applications soon to hit production are secure. As an application owner, you meticulously configure a dynamic scan: the features you want enabled, crawl scripts, login scripts, whitelisting and blacklisting of specific sites, and then you kick it off. The scan runs for a few days. But the production deadline is looming, and your developers...

Forcing Monthly Password Changes Only Helps The Thieves

By Evan Schuman August 11, 2016  | Security News
Monthly password change requirements weaken security!

When protecting app data, the default response for years has been passwords. And as long as a company's data is solely being defended by passwords, it makes sense to insist that they be changed regularly, no? Would not such mandated periodic changes shorten the window in which a stolen credential remains useful to thieves? Turns out that the answer is "no" to all of the above. To the extent that passwords provide...
