Managing AppSec

When your application security program is up and running, you need best-practice advice on managing and growing the program. Our security experts will guide you through important steps like measuring the success of your program or expanding it to cover more of the application landscape.

Vendor Risk Management Must Include Applications

By Tim Jarrett, June 8, 2016 | Managing AppSec

Way back in April, Securosis published a whitepaper, “Building a Vendor (IT) Risk Management Program.” While the paper is informative and practical – do you know what is noticeably missing? Information on how to manage the risk that comes with using vendor applications. This is surprising because Securosis frequently writes about the importance of application security. Companies are...

Bad Things Happen When You Don’t Measure Your AppSec Program

By Suzanne Ciccone, May 23, 2016 | Managing AppSec

If you’re going to spend time, money and effort implementing an application security program, don’t lose your progress by neglecting to collect and share metrics. With strong metrics, you not only prove that your program is making a positive impact, but also identify where and how it’s working – or not working. What happens if you don’t measure? Bad things like these...

In AppSec, What You Measure Is as Important as What You Do

By Suzanne Ciccone, May 18, 2016 | Managing AppSec

If you’ve ever wrapped a gift and ended up with a big stripe of the box showing down the middle, you know “measure twice, cut once” is a popular saying for a reason. The need to give equal attention to measuring and doing holds true for a plethora of activities and industries, and application security (AppSec) is no exception. You can implement all the latest and greatest AppSec...

Securing the SDLC

By Jet Anderson, May 16, 2016 | Managing AppSec

This post was originally published on May 2, 2016 at: https://thatsjet.com/2016/05/02/securing-the-sdlc/ I had the opportunity to speak last week at my local ISSA chapter on the topic of Securing the Software Development Lifecycle. Given the interest it generated among the attendees I realized that this is a topic for MUCH further discussion worthy of at least a few blog posts on thatsjet....

Software Vendors: How to Overcome the Top 3 Developer Objections to Application Security

By Suzanne Ciccone, May 8, 2016 | Managing AppSec

Software vendors will increasingly be on the hook to provide evidence that their code is secure. With mounting pressure from customers, regulations and even competitors, vendors are finding they need to make application security a priority. But as software vendors start their application security journey, the first roadblock they often hit is the development organization. And that can be a...

One Problem With Perimeter Security: Today's Networks Shouldn't Even Have A Perimeter

By Evan Schuman, May 6, 2016 | Managing AppSec

Saw an interesting column the other day from a security consultant arguing that healthcare enterprises need to re-envision security and pull information from the network perimeter and back into servers, where everything is easier to control. It's a compelling argument until you get realistic, practical and focus on the reason enterprise networks exist in the first place. Going back to a...

What Kind of Tools Do You Need to Secure Your Mobile Apps?

By David Strom, May 3, 2016 | Secure Development

The days when everyone is chained to a fixed desktop computer are long over. But it isn’t just about being more mobile, or using more mobile devices, or letting your users bring their own devices and use them at work. It isn’t that the workday is no longer 9-to-5 and users expect to get their jobs done whenever and wherever they might be in the world. No, it is about moving to a completely new...

How to Get More Done on AppSec Without Adding Staff

By Arun Vohra, April 27, 2016 | Managing AppSec

It doesn't take an army to reduce appsec risk - here are five ways you can get more out of a smaller team. We all know there is a shortage of skilled security professionals in the current marketplace, particularly as many organisations move to address their risk in the application security space. Application security is a higher priority for C-Level Executives these days. This is partly due...

The Four(ish) Appsec Metrics You Can’t Ignore

By Tim Jarrett, April 11, 2016 | Managing AppSec

Metrics are important in application security, and not just because they allow us to quantify the otherwise unquantifiable work of reducing risk that application security teams do. Metrics provide us with a way to communicate the progress of an application security program, whether to a development team that needs encouragement, to senior management or the board who want to understand the value...

Rails Engines: Magic or Curse?

By Jason Yeo, April 5, 2016

Most Rails applications typically use a bunch of gems. Some of these gems may be Rails engines. Devise, Shoppe and RailsAdmin are examples of engines. The simple definition of an engine is a mini Rails application. When you include an engine in your Rails application, you are actually including an application in your application. Unlike gems that provide simple library code like Faker or...
