Managing AppSec

When your application security program is up and running, you need best-practice advice on managing and growing the program. Our security experts will guide you through important steps like measuring the success of your program or expanding it to cover more of the application landscape.

Three Reasons AppSec Policies Matter

sciccone's picture
By Suzanne Ciccone September 16, 2016  | Managing AppSec
AppSec policies help prioritize, communicate, and benchmark efforts to secure code.

You probably get a lot of email. Do you give every email the same level of attention? Do you read, craft a thoughtful response, and immediately complete any follow-on tasks for every single email message as it comes in? If you do, congrats – but you probably don’t spend your days doing much else! Whether you know it or not, you have a policy regarding your emails. Maybe you... READ MORE

Introducing Dynamic Vulnerability Rescan: How Security Can Keep Up With the Speed of Development

bsarathy's picture
By Bhavna Sarathy August 29, 2016  | Managing AppSec
Introducing Dynamic Rescanning from Veracode

As an application owner, you have the task of staying abreast of the security issues in critical applications soon to hit production. You need a workflow that allows you to quickly identify that vulnerabilities identified in a full dynamic scan have been addressed by development. You also have to produce a report to the business listing the vulnerabilities that have been addressed and those that... READ MORE

The Language of AppSec

bpitta's picture
By Brian Pitta August 26, 2016  | Managing AppSec
Language differences in application security.

Everyone has weird language issues they just can’t get right – mine is ordering at Starbucks. If the store doesn’t have sizes on display that I can awkwardly point to, I end up panicking, ordering a “tall,” and walking away disappointed with my small coffee. Starbucks and I just can’t speak the same language (yes, it’s my fault). This problem of speaking... READ MORE

Don’t Get Left Behind: How Security Can Keep Up With the Speed of Development

bsarathy's picture
By Bhavna Sarathy August 19, 2016  | Managing AppSec
development speed doesn't need to be slowed by security

You are tasked with ensuring that critical applications soon to hit production are secure. As an application owner, you meticulously configure a dynamic scan with features you wish to enable for your scan, crawl scripts, login scripts, whitelisting and blacklisting of specific sites, and you kick off a scan. The scan runs for a few days. But the production deadline is looming, and your developers... READ MORE

Taking The Worry Out Of Component Usage

chausammann's picture
By Christine Hausammann August 10, 2016  | Managing AppSec

Software development is changing fast, with one of the biggest recent changes being the shift to open source software. Although this change opens up a whole new world of coding possibilities, it also introduces new challenges, and problems. What’s the best way to balance its advantages and risks? Education recently experienced a similar shift. Harvard and MIT launched EdX not so long ago.... READ MORE

Why Focusing on “Shark Attack” Exploits is the Wrong Strategy

It seems like every summer there’s another horror story about shark sightings and attacks at local beaches. JAWS taught us all that sharks are scary and should be avoided in the open ocean. That’s pretty solid advice and I can’t argue with it. But you know what else is good advice for enjoying the perfect beach day? Knowing how to swim, wearing sunscreen, staying under an... READ MORE

3 Ways to Improve Your AppSec Program

nbousselham's picture
By Nabil Bousselham July 15, 2016  | Managing AppSec

It’s not a secret that applications have been a top vector for data breaches over the last five years (DBIR 2015). As organizations wade deeper into the DevOps era, it’s clear that a mature Application security program is a key pillar for organizational success. In this article I would like to present to you three ways to improve your application security program. 1. Establish a risk... READ MORE

Top Metrics to Demonstrate the Need to Expand an Application Security Program

sciccone's picture
By Suzanne Ciccone July 12, 2016  | Managing AppSec

You’ve started an application security initiative, yet you know you need to do more. But how do you prove the need to do more? Whether you’re making the case to executives or developers, we’ve found it’s hard to argue with numbers. Collecting a few key metrics will create a clear picture of where you are falling short, and where you need to expand your program. Every... READ MORE

Amplifying Security Feedback with RASP and DevOps

TJarrett's picture
By Tim Jarrett July 7, 2016  | Managing AppSec

When talking about how to secure DevOps, the conversation often starts with how to fit application security testing into the continuous integration/continuous deployment (CI/CD) pipeline. That’s a great area for concern, and there are lots of people writing about the topic. But limiting your thoughts about securing DevOps to “the pipeline” commits a classic fallacy: assuming... READ MORE

Vendor Risk Management Must Include Applications

TJarrett's picture
By Tim Jarrett June 8, 2016  | Managing AppSec

Way back in April, Securosis published a whitepaper “Building a Vendor (IT) Risk Management Program. While the paper is informative and practical – do you know what is noticeably missing? Information on how to manage the risk that comes with using vendor applications. This is surprising because Securosis frequently writes about the importance of application security. Companies are... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.




contact menu