Managing AppSec

When your application security program is up and running, you need best-practice advice on managing and growing the program. Our security experts will guide you through important steps like measuring the success of your program or expanding it to cover more of the application landscape.

Introducing Dynamic Vulnerability Rescan: How Security Can Keep Up With the Speed of Development

By Bhavna Sarathy August 29, 2016  | Managing AppSec
Introducing Dynamic Rescanning from Veracode

As an application owner, you have the task of staying abreast of the security issues in critical applications soon to hit production. You need a workflow that allows you to quickly identify that vulnerabilities identified in a full dynamic scan have been addressed by development. You also have to produce a report to the business listing the vulnerabilities that have been addressed and those that...

The Language of AppSec

By Brian Pitta August 26, 2016  | Managing AppSec
Language differences in application security.

Everyone has weird language issues they just can’t get right – mine is ordering at Starbucks. If the store doesn’t have sizes on display that I can awkwardly point to, I end up panicking, ordering a “tall,” and walking away disappointed with my small coffee. Starbucks and I just can’t speak the same language (yes, it’s my fault). This problem of speaking...

Don’t Get Left Behind: How Security Can Keep Up With the Speed of Development

By Bhavna Sarathy August 19, 2016  | Managing AppSec
development speed doesn't need to be slowed by security

You are tasked with ensuring that critical applications soon to hit production are secure. As an application owner, you meticulously configure a dynamic scan with features you wish to enable for your scan, crawl scripts, login scripts, whitelisting and blacklisting of specific sites, and you kick off a scan. The scan runs for a few days. But the production deadline is looming, and your developers...

Forcing Monthly Password Changes Only Helps The Thieves

By Evan Schuman August 11, 2016  | Security News
Monthly password change requirements weaken security!

When protecting app data, the default response for years has been passwords. And as long as a company's data is solely being defended by passwords, it makes sense to insist that they be changed regularly, no? Would not such mandated periodic changes shorten the life of the access-controls for thieves? Turns out that the answer is "no" to all of the above. To the extent that passwords provide...

Taking The Worry Out Of Component Usage

By Christine Hausammann August 10, 2016  | Managing AppSec

Software development is changing fast, with one of the biggest recent changes being the shift to open source software. Although this change opens up a whole new world of coding possibilities, it also introduces new challenges, and problems. What’s the best way to balance its advantages and risks? Education recently experienced a similar shift. Harvard and MIT launched EdX not so long ago....

Why Focusing on “Shark Attack” Exploits is the Wrong Strategy

It seems like every summer there’s another horror story about shark sightings and attacks at local beaches. JAWS taught us all that sharks are scary and should be avoided in the open ocean. That’s pretty solid advice and I can’t argue with it. But you know what else is good advice for enjoying the perfect beach day? Knowing how to swim, wearing sunscreen, staying under an...

3 Ways to Improve Your AppSec Program

By Nabil Bousselham July 15, 2016  | Managing AppSec

It’s not a secret that applications have been a top vector for data breaches over the last five years (DBIR 2015). As organizations wade deeper into the DevOps era, it’s clear that a mature application security program is a key pillar for organizational success. In this article I would like to present to you three ways to improve your application security program. 1. Establish a risk...

Top Metrics to Demonstrate the Need to Expand an Application Security Program

By Suzanne Ciccone July 12, 2016  | Managing AppSec

You’ve started an application security initiative, yet you know you need to do more. But how do you prove the need to do more? Whether you’re making the case to executives or developers, we’ve found it’s hard to argue with numbers. Collecting a few key metrics will create a clear picture of where you are falling short, and where you need to expand your program. Every...

Amplifying Security Feedback with RASP and DevOps

By Tim Jarrett July 7, 2016  | Managing AppSec

When talking about how to secure DevOps, the conversation often starts with how to fit application security testing into the continuous integration/continuous deployment (CI/CD) pipeline. That’s a great area for concern, and there are lots of people writing about the topic. But limiting your thoughts about securing DevOps to “the pipeline” commits a classic fallacy: assuming...

Why Firewalls Aren’t Your Only Friend

By David Strom June 21, 2016  | Intro to AppSec

Firewalls have been protecting networks for decades, and many of us can’t remember life before them. But they aren’t your only friends, and these days just having a firewall isn’t enough to keep the bad guys from penetrating your network. While they are a good first step, you need to start thinking beyond firewalls to keep your infrastructure secure. What is really required is to move away from...
