Managing AppSec

When your application security program is up and running, you need best-practice advice on managing and growing the program. Our security experts will guide you through important steps like measuring the success of your program or expanding it to cover more of the application landscape.

Don’t Get Left Behind: How Security Can Keep Up With the Speed of Development

bsarathy's picture
By Bhavna Sarathy August 19, 2016  | Managing AppSec
development speed doesn't need to be slowed by security

You are tasked with ensuring that critical applications soon to hit production are secure. As an application owner, you meticulously configure a dynamic scan with features you wish to enable for your scan, crawl scripts, login scripts, whitelisting and blacklisting of specific sites, and you kick off a scan. The scan runs for a few days. But the production deadline is looming, and your developers... READ MORE

Forcing Monthly Password Changes Only Helps The Thieves

eschuman's picture
By Evan Schuman August 11, 2016  | Security News
Monthly password change requirements weaken security!

When protecting app data, the default response for years has been passwords. And as long as a company's data is solely being defended by passwords, it makes sense to insist that they be changed regularly, no? Would not such mandated periodic changes shorten the life of the access-controls for thieves? Turns out that the answer is "no" to all of the above. To the extent that passwords provide... READ MORE

Taking The Worry Out Of Component Usage

chausammann's picture
By Christine Hausammann August 10, 2016  | Managing AppSec

Software development is changing fast, with one of the biggest recent changes being the shift to open source software. Although this change opens up a whole new world of coding possibilities, it also introduces new challenges, and problems. What’s the best way to balance its advantages and risks? Education recently experienced a similar shift. Harvard and MIT launched EdX not so long ago.... READ MORE

Why Focusing on “Shark Attack” Exploits is the Wrong Strategy

It seems like every summer there’s another horror story about shark sightings and attacks at local beaches. JAWS taught us all that sharks are scary and should be avoided in the open ocean. That’s pretty solid advice and I can’t argue with it. But you know what else is good advice for enjoying the perfect beach day? Knowing how to swim, wearing sunscreen, staying under an... READ MORE

3 Ways to Improve Your AppSec Program

nbousselham's picture
By Nabil Bousselham July 15, 2016  | Managing AppSec

It’s not a secret that applications have been a top vector for data breaches over the last five years (DBIR 2015). As organizations wade deeper into the DevOps era, it’s clear that a mature Application security program is a key pillar for organizational success. In this article I would like to present to you three ways to improve your application security program. 1. Establish a risk... READ MORE

Top Metrics to Demonstrate the Need to Expand an Application Security Program

sciccone's picture
By Suzanne Ciccone July 12, 2016  | Managing AppSec

You’ve started an application security initiative, yet you know you need to do more. But how do you prove the need to do more? Whether you’re making the case to executives or developers, we’ve found it’s hard to argue with numbers. Collecting a few key metrics will create a clear picture of where you are falling short, and where you need to expand your program. Every... READ MORE

Amplifying Security Feedback with RASP and DevOps

TJarrett's picture
By Tim Jarrett July 7, 2016  | Managing AppSec

When talking about how to secure DevOps, the conversation often starts with how to fit application security testing into the continuous integration/continuous deployment (CI/CD) pipeline. That’s a great area for concern, and there are lots of people writing about the topic. But limiting your thoughts about securing DevOps to “the pipeline” commits a classic fallacy: assuming... READ MORE

Why Firewalls Aren’t Your Only Friend

dstrom's picture
By David Strom June 21, 2016  | Intro to AppSec

Firewalls have been protecting networks for decades, and many of us can’t remember life before them. But they aren’t your only friends, and these days just having a firewall isn’t enough to keep the bad guys from penetrating your network. While they are a good first step, you need to start thinking beyond firewalls to keep your infrastructure secure. What is really required is to move away from... READ MORE

Vendor Risk Management Must Include Applications

TJarrett's picture
By Tim Jarrett June 8, 2016  | Managing AppSec

Way back in April, Securosis published a whitepaper “Building a Vendor (IT) Risk Management Program. While the paper is informative and practical – do you know what is noticeably missing? Information on how to manage the risk that comes with using vendor applications. This is surprising because Securosis frequently writes about the importance of application security. Companies are... READ MORE

Bad Things Happen When You Don’t Measure Your AppSec Program

sciccone's picture
By Suzanne Ciccone May 23, 2016  | Managing AppSec

If you’re going to spend time, money and effort implementing an application security program, don’t lose your progress by neglecting to collect and share metrics. With strong metrics, you not only prove that your program is making a positive impact, but also identify where and how it’s working – or not working. What happens if you don’t measure? Bad things like these... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.




contact menu