Managing AppSec

When your application security program is up and running, you need best-practice advice on managing and growing the program. Our security experts will guide you through important steps like measuring the success of your program or expanding it to cover more of the application landscape.

Black Hat 2018: The Art of Secure Code

By Sam King August 2, 2018
Veracode talks art of secure code at Black Hat 2018

This year’s Black Hat conference has some of the most diverse and intriguing sessions of any recent industry event. Attendees will have the opportunity to explore hacking of voting booths, learn about vulnerabilities in critical infrastructure and see live demos of how attackers can alter functionality of some of the most popular digital payment systems. These vastly different threats have...

The Art of Secure Code

By Suzanne Ciccone August 1, 2018
We're talking the art of secure code at Black Hat 2018

We think a high-quality and highly secure app is a work of art. As with any artistic endeavor, it takes creativity, resources, training, and talent to create secure code. Maybe it’s a little bit of a stretch to compare your software developers to Picasso, but we would argue that there are a lot of similarities between creating a great piece of secure code and a great piece of art. For example, both...

AppSec Mistake No. 1: Using Only One Testing Type

By Suzanne Ciccone July 30, 2018
Learn from the top AppSec mistakes we see.

We’ve been in the application security business for more than 10 years, and we’ve learned a lot in that time about what works, and what doesn’t. This is the first in a blog series that takes a look at some of the most common mistakes we see that lead to failed AppSec initiatives. Use our experience to make sure you avoid these mistakes and set yourself up for application security success. The...

Veracode Dynamic Analysis Helps You Check Your Security Headers

By Saikrishna Chavali July 30, 2018
Security Header Recommendations

Veracode Dynamic Analysis helps you follow Google I/O 2018 security recommendations

I've been binging on the Google I/O 2018 videos. I guess every web geek does! One video caught my attention: Google Chrome security team's improvements to fight off the Spectre & Meltdown "celebrity" vulnerabilities. They're using software at the browser level to mitigate against a hardware vulnerability. How...

Announcing New Veracode Dynamic Analysis

By Bhavna Sarathy July 5, 2018
Find out about our new Dynamic Analysis.

Effective application security assesses applications across the entire software lifecycle – beyond the development phase and into production. Why is this necessary? If you’ve shifted security left, into the development process, why do you need to shift it right into production? To put it bluntly: Because people aren’t perfect, and bad guys never sleep. With the speed of today’s development...

A Closer Look at Security’s Role in a DevSecOps Organization

By Milena Spencer July 5, 2018
How does DevSecOps change the security role?

In February, we hosted a virtual summit titled “Assembling the Pieces of the DevSecOps Puzzle.” The goal of the summit was to provide organizations with tools and information to implement a DevSecOps strategy in their organization—and make the shift from theory into practice. In his educational webinar at the summit, Chris Wysopal—Veracode’s CTO and co-founder—tackles an important,...

A Security Champion in the Developer Midst May Just Solve the Secure Code Conundrum

By Evan Schuman July 3, 2018
How to use your security resources more efficiently with developer security champions.

The enterprise challenge in generating secure code is well known: as software becomes a competitive advantage and customers expect regular updates, the need to release new features and content frequently often trumps the need to release secure code. Although that's a true conflict, it's not the full story. Psychology can play almost as big a role, with security teams often perceived by developers...

AppSec Policies: Get With the Times

By Milena Spencer July 2, 2018
Make sure your AppSec policy is keeping pace with your development team.

In February, we hosted a virtual summit titled “Assembling the Pieces of the DevSecOps Puzzle.” The goal of the summit was to provide organizations with tools and information to implement a DevSecOps strategy and move it from theory into practice. During one of the summit’s webinars, Pejman Pourmousa, VP of Program Management at Veracode, explained the importance of rethinking AppSec...

What the Veracode Verified Continuous Tier Looks Like

By Suzanne Ciccone June 27, 2018
What does it take to reach the Continuous Verified tier?

We recently announced our Veracode Verified program. To better suit the needs of organizations that are producing and updating apps at DevOps speed, we are attesting to the security of the overall development process of an application, rather than to the security of an application at one point in time. In this way, your prospects and customers can rest assured that security was embedded...

A Closer Look at the Veracode SourceClear Solution

By Suzanne Ciccone June 26, 2018
Details on the features of our SourceClear solution

The days of developers creating every line of code from scratch are over. The intense demand for newer, better software means development speeds have become correspondingly intense. In turn, developers need to rely on the pre-built functionality in open source libraries to keep up. The problem with this practice is that it also introduces a whole new layer of vulnerabilities into organizations’...
