Managing AppSec

When your application security program is up and running, you need best-practice advice on managing and growing the program. Our security experts will guide you through important steps like measuring the success of your program or expanding it to cover more of the application landscape.

9 AppSec Mistakes that are Poisoning Your Progress

Application security testing is an essential part of a global security strategy, but if it is not done the right way it can poison your progress. Below I’ll explain the mistakes to avoid in order to test all your applications and find and fix the flaws whilst still creating a global application security programme.

1: Only testing the most critical apps. In most cases companies believe that...

The Six Types of Open-Source Library Vulnerabilities

By Mark Curphey March 22, 2016

There are at least six types of open-source library vulnerabilities that we should all be concerned about. Before describing them it is worth reiterating that simply linking to a vulnerable library in your project doesn’t mean your application will have a vulnerability. You will only have a vulnerability if you are using the vulnerable methods of the vulnerable library in a vulnerable manner....

Why Application Security Is Better Than a Sharp Stick in the Eye

By Pete Herzog March 22, 2016  | Managing AppSec

I'm this security guy. I have a sweet resume with lists of security stuff I did. I got security skills certifications to show I can actually do security and not just be a moderately adequate opponent in Trivial Pursuit Security Edition. So people come to me and ask me to solve their security problems like, “Our client accesses our mojingle over the doobywassy blah blah hackers.”...

How the Legal Department Can Improve Your Vendor Application Security Program

By Jessica Lavery March 16, 2016  | Managing AppSec

In order to keep up with the need for applications, companies are purchasing software at an accelerated rate. And if you are like most companies, your processes for vetting the security of your software are probably not very sophisticated. Most companies rely on questionnaires or even just a wink and a nod from the vendor’s account manager. Companies that recognize the risk introduced from...

Why You Need Your Boss’ Buy-In for Application Security

By Suzanne Ciccone March 14, 2016  | Managing AppSec

Want your application security program to succeed? Get your boss on board. You need your CISO’s buy-in, and not just for scanning or pen testing a few business-critical apps – but for building a mature, robust program that secures every application the organization builds, buys or assembles. Here’s why: Reason 1: You need your boss to be a champion for your program with the C-...

Google’s Vendor Security Assessment

By Anne Nielsen March 10, 2016  | Managing AppSec

Software supply chain security has arrived with Google’s Vendor Security Assessment Questionnaire (VSAQ)! Or has it? The web-based application released under an open-source license on GitHub contains the actual questionnaire Google uses to review its own software vendors' security practices before making a purchase. I know what you’re thinking: “if it’s good...

3 Steps To Getting Started With Web Application Security

By Suzanne Ciccone February 23, 2016  | Intro to AppSec

Companies are producing more applications today than ever before, and with this increased production comes increased risk. Many enterprises recognize the need for application security but aren’t making it a priority. This is usually because application security is mistakenly seen as an overly complex and expensive endeavor. What those responsible for securing the applications at...

Why RASP does not negate the need for testing

By Joseph Feiman February 22, 2016  | Managing AppSec

When one calls a technology “transformational” as I have with RASP, there are expectations that this technology will change the direction of a market. The market expects the solution to address a serious problem in such a way that the problem is made much smaller. One misconception is that this transformational...

Combatting the Top Four Sources of Vulnerabilities

By Jessica Lavery February 18, 2016  | Managing AppSec

In the past I’ve asked “Why AppSec?” and then answered my own question – “Because Application-Layer Breaches ARE Damaging Businesses”. We are seeing more breaches due to application-layer attacks than ever before – according to research done by the Department of Homeland Security, 90 percent of security incidents are the result of exploits against...

Why you need an AppSec Quick Win

By Jessica Lavery February 18, 2016  | Managing AppSec

Application security does not get the attention it deserves. So, when you finally get the green light to start an application security program, the first thing you should be thinking is “how do I make sure my boss and other stakeholders recognize our successes so I can expand the program”. And when a business invests in something as complex as...
