Managing AppSec

When your application security program is up and running, you need best-practice advice on managing and growing the program. Our security experts will guide you through important steps like measuring the success of your program or expanding it to cover more of the application landscape.

What Security Pros Will Get Out of our Upcoming DevSecOps Virtual Summit

By Suzanne Ciccone January 31, 2018
Why attend our upcoming Virtual Summit on assembling the pieces of the DevSecOps puzzle

The shift to DevOps and DevSecOps is happening. Organizations in all industries are creating software not just faster, but also in a more precise, collaborative and incremental way. In fact, we’ve seen the shift in our own customer base, where the percentage of applications scanned for security on a weekly basis jumped 50 percent last year. And this shift casts a wide net, affecting everything... READ MORE

Optimizing Your AppSec Investment with Value Stream Mapping

By Maria Loughlin January 26, 2018
How to optimize your AppSec investment with value stream mapping

“Value stream mapping” – that’s a Lean methodology for logistics and supply-chain processes, right? What does that have to do with software security? Good question! In the ’80s, value stream mapping applied to logistics and supply chain processes in the Japanese manufacturing industry. The success of the methodology for manufacturing led to wider adoption, including adoption in Lean software... READ MORE

Did You Read Our 5 Most Popular 2017 Blog Posts?

By Suzanne Ciccone January 17, 2018  | Managing AppSec
Our most popular 2017 blog posts

2017 was quite a year for application security. From big breaches to breakthroughs, 2017 featured a lot of scary headlines reflecting the sorry state of application security, but also news about companies moving the needle on AppSec, and regulators waking up to the reality about how data is exposed. Not surprisingly, our most popular 2017 blog posts mirror the trends and headlines – and reveal... READ MORE

How Static Analysis Has Changed in a DevOps World

By Jon Janego January 4, 2018
How static analysis has evolved in a DevOps world

The industry-wide shift to DevOps practices has changed more than just developer processes. It has also had a major impact on security, including application security testing techniques. Static analysis, for instance, has had to evolve along with development processes. Unlike early versions of static analysis solutions that only assessed completed code at the end of the development cycle, today’s... READ MORE

How CA Veracode Products Secure the Production Stage

By Suzanne Ciccone January 3, 2018
How CA Veracode secures your apps in production

This is the third entry in a series of blogs on how CA Veracode products fit into each stage of the software lifecycle – from coding to testing to production. We want to emphasize lifecycle here, because we continue to hear the misconception that application security falls squarely and solely into the testing stage. In our 10+ years helping organizations secure their... READ MORE

When You Need to Report a Single AppSec Metric: Our Recommendation

By Anne Nielsen December 14, 2017
Find out the one AppSec metric you should report to your superiors.

Metrics are critical for measuring and expanding an application security program. And there are a lot of important numbers you need to track to gauge your program’s progress, but sometimes you need one number that sums up your progress. Executives don’t always want to see a slew of complicated charts and graphs – they want one simple number that answers, in a nutshell, is this working, are we... READ MORE

Overcoming the Language Barrier Key to DevSecOps Success

By Suzanne Ciccone December 8, 2017
How to overcome the dev/sec language barrier

As DevOps moves to DevSecOps, there is a significant “people” component involved in the shift. Development and security teams both need to overcome their “language barriers” and understand each other’s processes and priorities. The effort is worth it because we know that (1) the consequences of neglecting software security are getting more damaging and (2) embedding security early and often into... READ MORE

AppSec in Review Podcast: How Developers Respond to Security Findings

By John Zorabedian December 5, 2017  | Secure Development | Research
AppSec in Review: How Developers Respond to Security Findings

We recently published the State of Software Security Developer Guide, based on real application security testing data. Among the key takeaways, the data in the report offers strong evidence that eLearning, security training, and DevSecOps practices have a positive effect on developers' effectiveness at fixing flaws in their code. In this episode of the AppSec in Review podcast, Evan Schuman and CA... READ MORE

5 Ways to Get Developers and Your AppSec Program Ready for DevSecOps in 2018

By Neil DuPaul December 4, 2017  | Managing AppSec
Get DevSecOps Ready in 2018

The importance of application security has increased dramatically over the past couple of years in response to rising threats. Meanwhile, software development is changing fast, with continuous delivery and DevOps adoption continuing to grow. It seems inevitable that we'll be talking more and more in the coming year about securing DevOps and DevSecOps. As we enter 2018, it’s a good... READ MORE

Hardcoded Credentials: Why So Hard to Prevent?

By Suzanne Ciccone December 1, 2017
Understand the danger of hardcoded credentials

About a year ago, attackers managed to tap into thousands of IoT devices to create a botnet infected with Mirai malware and wreak havoc on some major websites. This Mirai botnet, made up of 100,000 IoT devices from DVRs to security cameras, unleashed a massive DDoS attack on DNS provider Dyn, which brought down dozens of websites, including Twitter, Spotify, Netflix and The New York Times. ... READ MORE
