Managing AppSec

When your application security program is up and running, you need best-practice advice on managing and growing the program. Our security experts will guide you through important steps like measuring the success of your program or expanding it to cover more of the application landscape.

How Third-Party and Open Source Components Build Hidden Risk Into Software

By John Zorabedian September 25, 2017  | Secure Development
Risk of software components

Whenever there’s a major data breach announced in the news, I think about how there must be other breaches happening that we don’t even know about. Because, although cyberattackers frequently target known vulnerabilities in software, the victims are unlikely to know they were vulnerable until it is too late. As today’s software is increasingly assembled from bits and pieces of open source... READ MORE

Podcast: How to Fix the Widening AppSec Skills Gap

By Laura Paine September 20, 2017  | Security News
AppSec Skills Gap Podcast

The AppSec Skills Gap Is Widening Nearly 20% A Year. Here's How We Fix It. A recent survey from Veracode and DevOps.com found that the majority of IT and development professionals weren’t required to take security courses in college – and they’re not receiving the necessary training from their employers. So, we have to ask: where does the fault lie? Should universities ramp up their security... READ MORE

Security: Make a Commitment to Working With Development

By Colin Domoney September 14, 2017
Security should commit to understanding dev processes

The days of security and development working side by side in separate silos are over. With the DevOps-induced security “shift left,” security testing now falls in the realm of the developer, and leaves security in more of an enabling, rather than enforcing, role. And this new role requires a new understanding of developer priorities and processes. The security function cannot be effective in a... READ MORE

Confessions of an Insecure Coder

By Laurie Mercer September 11, 2017  | Managing AppSec
How SQL injection happens

My name is Laurie Mercer, and I have introduced a security vulnerability into software. The year was 2004. As I travelled to work, Franz Ferdinand and The Killers blared on my cool new iPod. I was a developer, my first proper job after graduating with a degree in computer science and moving to the big city. Responsible for implementing functional changes, I would code new forms and business logic... READ MORE

Podcast: Implications of the EU GDPR

By Suzanne Ciccone September 4, 2017  | Managing AppSec
EU GDPR Podcast

The EU General Data Protection Regulations (GDPR) go into effect in May 2018, and will introduce stark new data security requirements for any organization in the EU, or doing business in the EU. The requirements in this regulation surrounding data retention and personal information are unprecedented, and so are the fines for non-compliance. How will this play out in a world where information is a... READ MORE

Top 4 Ways Veracode Integrations Make Security's Job Easier

By Chris Wysopal August 23, 2017  | Managing AppSec
Veracode integrations make security's job easier

The Veracode Application Security Platform integrates seamlessly with the development, security and risk-tracking tools you already use. And, our flexible API allows you to create your own custom integrations or use community integrations, built by the open source community and other technology partners. But what do these integrations mean for a security professional charged with AppSec? How do... READ MORE

Don't Be AppSec 'Helicopter Parents'

By Suzanne Ciccone August 17, 2017  | Managing AppSec
Security's role shifts in a DevSecOps world

Roles shifting can be disconcerting. Having a clear role and understanding your responsibilities and tasks is comforting. But getting too comfortable can be dangerous. Take parenting for example. Parents wouldn’t be doing their kids any favors by continuing to feed and dress them as if they were 4 when they’re 10. As children age, they start to do these basic tasks on their own, and the parent... READ MORE

Best Practices for Complying with Emerging Application Security Regulations

By Tim Jarrett August 14, 2017  | Managing AppSec
best practices for managing appsec regulations

In a previous blog post, we discussed how the proliferation of data breaches has caught the attention of regulators, which are increasingly focused on cybersecurity and application security. Case in point: Two recent major regulations – the EU General Data Protection Regulation (EU GDPR) and NY State Department of Financial Services (NY DFS) Cybersecurity Regulations – are unprecedented in their... READ MORE

What You Need to Know About the Latest Trends in AppSec Regulations

By Tim Jarrett August 8, 2017  | Managing AppSec
trends in appsec regulations

As major data breaches continue to expose customers’ sensitive data and cause major monetary and reputation damage to organizations, regulators are taking notice. Two recent major regulations – the EU General Data Protection Regulation (EU GDPR) and NY State Department of Financial Services (NY DFS) Cybersecurity Regulations – are unprecedented in their scope and depth. Considering the prominence... READ MORE

What Do Microservices Mean for AppSec?

By Brian Pitta August 7, 2017  | Managing AppSec
microservices are like tapas vs. a traditional meal -- how this shift will affect AppSec

I am not a fan of tapas. I’ll take the 22-oz. bone-in ribeye over small plates any day. My wife is the opposite; she loves them. With more tapas bars opening and existing restaurants adopting a “small plate” menu, I find myself losing the battle of steakhouse vs. tapas quite often. After several meals (if that’s what you call them), I will admit I’ve started to see some of the appeal: pick what... READ MORE
