Managing AppSec

When your application security program is up and running, you need best-practice advice on managing and growing the program. Our security experts will guide you through important steps like measuring the success of your program or expanding it to cover more of the application landscape.

Why Application Security Programs Fail

By Jessica Lavery December 17, 2015 | Managing AppSec

The main hurdle that prohibits organizations from embarking on an advanced application security program is knowing where to start. But once you’ve figured out your starting point and your key metrics, and worked with groups in your enterprise to create a strategy, your program still isn’t guaranteed to be a success. There...

How We Took Our Application Security Program From 0 to 60 in 12 Months

By Jessica Lavery December 14, 2015 | Managing AppSec

In the grand scheme of an enterprise’s life, one year isn’t a long time. Especially when you are talking about designing, implementing, iterating and improving an application security program. But that is the amount of time one financial services company took to create and improve their application security program. Upon speaking with the project manager I was most struck by his...

5 Steps to a Better Application Security Program

By Doug Bonderud December 10, 2015 | Managing AppSec

Effective application security — AppSec — isn't easy. As noted by eWeek, payment apps on both iOS and Android devices lack not only encryption but are at risk of tampering, which "could potentially enable an attacker to reroute funds." Despite the challenge of tracking down and securing vulnerabilities, however, many companies...

The case for anonymous case studies

By Jessica Lavery December 10, 2015 | Managing AppSec

When beginning your application security journey, one of the most valuable actions you can take is to learn from the experiences of those who have gone before you. Yet the sensitive nature of security and the fear of becoming a target of hackers have led most enterprises to resist sharing their stories publicly. Some have shared their tales in closed-door meetings and exclusive events like the...

Investing in AppSec: What's the Magic Number?

By Doug Bonderud December 4, 2015 | Managing AppSec

How much should an organization spend on application security? Cybersecurity experts are often willing to break budgets when it comes to protecting critical applications, arguing that prevention is worth millions in cure. Meanwhile, C-suite executives are often less convinced by this kind of proactive thinking, instead opting to spend on AppSec only when demonstrable threats are on the horizon....

The Gartner Magic Quadrant: Four Traits From Top Performers

By Evan Wade December 2, 2015 | Managing AppSec

With the application layer becoming a popular attack vector for intruders, and defensive methods to combat it constantly evolving, it's easy to see why application security testing (AST) services play such a large role in digital security. In fact, it has become so prominent that the question shouldn't be whether a company should adopt an AST service to keep its operations and data secure...

What's the True Cost of a Data Breach?

By Evan Wade November 20, 2015 | Managing AppSec

Breaches are bad business. In 2015, this basic tenet of digital security is clear-cut common sense. After all, bad things happen when bad guys steal your property. What's less clear is the quantifiable cost of a data breach, both in terms of the intrusion's economic toll and the underlying factors that play into the loss. This is where the expert insight comes in. "The Business and...

Defending the Application Layer Means Securing All Apps

By Evan Wade November 18, 2015 | Managing AppSec

Security is a game of advancements. All too often, the adversarial relationship between attackers and defenders pushes that game to a breakneck pace. Whichever side is on the leading edge of the technological curve won't have an advantage for long. While this dynamic can spur organizations to be consistently vigilant, at least on the white hat side, it can also lead to the assumption that a...

The Top 3 Security Concerns in the Boardroom

By Shawn Drew November 10, 2015 | Managing AppSec

The increase in the number of corporate-targeted cyberattacks over the past few years, combined with an increase in the complexity of those attacks, has caused cybersecurity to be scrutinized in the boardroom like never before. As seen with major shake-ups among corporate leaders following massive data breaches, CEOs and other top leadership are now fully invested in the overall security health...

Vulnerability Management: The Art of Cleaning Up Threats

By Evan Oslick October 29, 2015 | Managing AppSec

A security organization has set up threat modeling. They have implemented static, interactive and dynamic application security testing. All of them are reporting vulnerabilities. What happens next? How does an organization handle all these findings? Vulnerability management is the process of categorizing and remediating threats, and this process needs to be a collaboration between software...
