Managing AppSec

When your application security program is up and running, you need best-practice advice on managing and growing the program. Our security experts will guide you through important steps like measuring the success of your program or expanding it to cover more of the application landscape.

What Executives Will Get Out of our DevSecOps Virtual Summit

By Joe Coletta February 27, 2018
What executives need to know about DevSecOps

Our economy is almost entirely digitized. Modern businesses rely on software to run their day-to-day operations, and, as such, innovation must meet the demands of an ever-evolving market. However, business leaders are at a crossroads when it comes to securing their digital assets. As organizations migrate towards development practices like DevOps, the need to produce software faster becomes as... READ MORE

Top 5 Ways to Get Developer Application Security Buy-In [VIDEO]

By Suzanne Ciccone February 26, 2018
How to get developer buy-in for your AppSec program

The speed and scope of software development today is creating new challenges in ensuring the security of software. But they also create the opportunity to finally get application security right. Both the challenge and the opportunity stem, in part, from the fact that security is “shifting left.” The responsibility for ensuring the stability and security of software through production and customer... READ MORE

NYDFS Cybersecurity Regulation Transition Period Ends

By John Zorabedian February 23, 2018  | Managing AppSec
NYDFS Cybersecurity Regulation

March 1, 2018 marks the end of the one-year transition period for the New York Department of Financial Services (NYDFS) cybersecurity regulation. The passage of this date means affected organizations — including banks, insurance companies, and other financial services companies licensed by or operating in New York State — must be in compliance with a raft of security rules intended to protect non... READ MORE

5 Essential Steps to Shift Security Left [VIDEO]

By Suzanne Ciccone February 8, 2018
How to shift security left in your development process.

Speed rules in software development today. The DevOps model means getting newer, better, faster into the hands of customers as quickly as possible is the name of the game. But where does that leave security? If it’s not done right -- overlooked or worked around. Done right -- it’s embedded into the software development process from day one, unobtrusively checking for and removing vulnerabilities... READ MORE

Top 5 AppSec Missteps

By Steven Wright February 2, 2018
The top AppSec mistakes we see our customers make

In my three-plus years working with enterprise clients to help grow and mature their application security programs, I have seen the gamut of well-run programs and not-so-well-run programs. For the not-so-well-run programs, it is often the same reasons why the program is not successful and not reaching higher maturity levels. The following are the top 5 mistakes I see most often: 1. No... READ MORE

Security: Here’s What You Need to Know About Development

By Suzanne Ciccone February 1, 2018
The security team needs a new knowledge of the development process in a DevOps world.

The days of security and development working in separate and isolated silos are over. Security is now a task shared by the development and security teams throughout the software lifecycle – from inception to production. Security testing has become primarily the responsibility of developers, with security taking on more of an enabling role – crafting and communicating policies, assisting with... READ MORE

Podcast: 2017 AppSec Lessons Learned

By Suzanne Ciccone January 31, 2018

“The more things change the more they stay the same” could be the application security motto for 2017. Last year featured breaches stemming from the same vulnerabilities that have been wreaking havoc for years. In fact, we saw SQL injection in about 30 percent of the apps we scanned in 2017 – a number that hasn’t budged much since 2011. 2017 also shone a harsh spotlight on the risk of open source... READ MORE

What Security Pros Will Get Out of our Upcoming DevSecOps Virtual Summit

By Suzanne Ciccone January 31, 2018
Why attend our upcoming Virtual Summit on assembling the pieces of the DevSecOps puzzle

The shift to DevOps and DevSecOps is happening. Organizations in all industries are creating software not just faster, but also in a more precise, collaborative and incremental way. In fact, we’ve seen the shift in our own customer base, where the percentage of applications scanned for security on a weekly basis jumped 50 percent last year. And this shift casts a wide net, affecting everything... READ MORE

Optimizing Your AppSec Investment with Value Stream Mapping

By Maria Loughlin January 26, 2018
How to optimize your AppSec investment with value stream mapping

“Value stream mapping” – that’s a Lean methodology for logistics and supply-chain processes, right? What does that have to do with software security? Good question! In the ’80s, value stream mapping applied to logistics and supply chain processes in the Japanese manufacturing industry. The success of the methodology for manufacturing led to wider adoption, including adoption in Lean software... READ MORE

Did You Read Our 5 Most Popular 2017 Blog Posts?

By Suzanne Ciccone January 17, 2018  | Managing AppSec
Our most popular 2017 blog posts

2017 was quite a year for application security. From big breaches to breakthroughs, 2017 featured a lot of scary headlines reflecting the sorry state of application security, but also news about companies moving the needle on AppSec, and regulators waking up to the reality about how data is exposed. Not surprisingly, our most popular 2017 blog posts mirror the trends and headlines – and reveal... READ MORE
