Managing AppSec

When your application security program is up and running, you need best-practice advice on managing and growing the program. Our security experts will guide you through important steps like measuring the success of your program or expanding it to cover more of the application landscape.

The Role of Applications in Today’s Digital World

By Suzanne Ciccone December 1, 2016  | Intro to AppSec
Software security in the modern world.

Five years ago, Marc Andreessen famously stated that “software is eating the world,” and it has and is in ways that he probably couldn’t have imagined even five years ago. Applications are no longer a nice-to-have. They play a central role in how and why businesses operate, and companies are producing them in unprecedented numbers. In fact, a typical $500 million-plus enterprise today has... READ MORE

What Makes an AppSec Program Successful: A Program Management Perspective

By Pejman Pourmousa November 30, 2016  | Managing AppSec
What Makes an AppSec Program Successful

I have spent the entirety of my career in the area of services management and delivery, specifically around compliance, risk and security. I have had the good fortune of seeing over 1,300 program deployments across all size companies spanning every industry. Today, I am the Director of Program Management at Veracode, working to help customers successfully adopt Veracode’s solutions. I wanted to... READ MORE

The Ransomware in our Dependencies

By Darius Foo November 30, 2016

Ransomware is a growing pernicious threat. Some ransomware called 'Locky' was recently discovered spreading through Facebook Messenger, and just last weekend San Francisco's light-rail system was compromised by ransomware. Today we'll take an in-depth look at how ransomware can target developers, proliferating through library dependencies. What is Ransomware? Ransomware is malicious software... READ MORE

Regulations like FS-ISAC and PCI are now looking at the security of open source components, are you ready?

By Tim Jarrett November 29, 2016  | Managing AppSec
Regulations that will look at the security of open source components

For years, organizations have “checked the box” by doing the minimum to meet security standards like PCI and FS-ISAC, but a rising tide of breaches has caused most auditors to look more seriously at organizations’ security practices, including the security of open source components. Do your developers use open source components? Are you prepared to answer regulators about their safety?... READ MORE

A Single AppSec Technology Is Not Enough

By Suzanne Ciccone November 25, 2016  | Managing AppSec
Best appsec solution requires multiple assessment types.

There is no application security silver bullet; if you’re relying on only one technology, you are leaving your organization open to attack. Over the past 10 years, we have scanned 2 trillion-plus lines of code, and we consistently see that different testing types are better at uncovering different vulnerabilities, and that one testing type is not enough. Our most recent State of Software... READ MORE

What’s Your No. 1 AppSec Concern? Here’s What Our Survey Respondents Say

By Suzanne Ciccone November 18, 2016  | Managing AppSec
AppSec Survey Results

We recently surveyed 308 security professionals in the US and UK tasked with application security to find out their top AppSec concerns, stumbling blocks and tactics. Their biggest AppSec concern? Overwhelmingly, it was reducing the risk of attacks while building, buying and integrating more software than ever. A majority (58 percent) of survey respondents cited this as a concern. Across regions... READ MORE

Scoping for Risk Assessment

By Mitch Horton November 17, 2016  | Managing AppSec
How to scope risk in an appsec program.

Identifying the scope of Risk for an Application Security Program is not as difficult a task as it seems. Risk Strategies for network, server and desktop environments exist in almost every company, and working with the compliance group is a great starting point. If you do not have the assistance of a compliance group then there are some great resources out there; at Veracode the Security... READ MORE

Risk Assessment – Starting the Conversation

By Mitch Horton November 16, 2016  | Managing AppSec
Risk assessments for application security

The subject of Risk is an old topic in Program and Project Management circles; identifying risks and developing strategies is the vision of success or the apparition of failure. There are thousands of floors of compliance personnel developing Risk Strategies around the world, multiples of those floors for single companies! The benefits of developing a working Risk Strategy in Application... READ MORE

The Gap Between Development and Security Specialists Should Be Closed

By Joseph Feiman November 8, 2016  | Managing AppSec
There's no reason for a gap between development and security.

All too often, application development professionals believe that application security is not their responsibility. To make matters worse, this belief is shared by their managers and CIOs, and reinforced by organizational structures and job descriptions. When asked about application security, developers might say: They are responsible only for application functionality and quality. They are not... READ MORE

Tips From the Front Lines: 4 Surefire Ways to Ensure a Successful AppSec Program

By Joe Coletta November 7, 2016  | Managing AppSec

As a Customer Success Manager at Veracode, I work with over 60 clients to help optimize their application security programs. Security programs come in all shapes and sizes, as they should, because not every organization is built the same. However, I’ve worked with enough clients to say that, regardless of whether your organization is in the Fortune 500 or Tom, Dick & Harry, Ltd., there... READ MORE
