Managing AppSec

When your application security program is up and running, you need best-practice advice on managing and growing the program. Our security experts will guide you through important steps like measuring the success of your program or expanding it to cover more of the application landscape.

Development and Security Have Different Perspectives on Open Source Components

By Colin Domoney May 9, 2017  | Managing AppSec
security and dev have differing opinions on open source components

Open source components are a blessing and a curse. From a developer’s perspective, they’re a no-cost way to speed the development process. But they can be a curse security-wise. Many open source components contain vulnerabilities that put the organization at risk of getting breached and failing compliance audits. In fact, recent Veracode research looked at all the Java applications we scanned in... READ MORE

Regulations Surrounding Third-Party Software Security Are Increasing – How to Stay Compliant

By Suzanne Ciccone May 4, 2017  | Managing AppSec
security regulations surrounding third-party software

Developers are increasingly being pushed to create more code faster. As the speed of development increases, it becomes less feasible to create every application from scratch. In turn, the reliance on third-party applications and code increases as well. But this “short cut” comes with risk. Third-party applications and open source components frequently contain vulnerabilities, leaving... READ MORE

4 Ways to Build a DevSecOps Culture

Creating DevSecOps Culture

At the center of a successful DevOps initiative is a simple but often overlooked concept: Because developers drive the software agenda, developer participation is crucial for achieving a more secure framework. DevSecOps represents the next evolutionary step of secure software development, but even the best governance framework and leading-edge security & development tools can't get the job... READ MORE

HipChat Breach Shows Dangers of Slacking on Security of Third-Party Components

HipChat Breached

This week, HipChat advised customers that one of its databases was breached by attackers who exploited a vulnerable third-party library used on HipChat.com. HipChat, owned by Atlassian, said that the compromised database stored customer usernames, email addresses, hashed passwords, and room metadata such as room name and topic. HipChat’s fast action to force a reset of all HipChat passwords... READ MORE

Cutting down on false positives with vulnerable methods for Ruby

By Asankhaya Sharma April 20, 2017

Today we released vulnerable methods support for the Ruby language, adding to the existing support for Java and Python. Vulnerable methods analysis uses call-graph analysis to trace the actual use of the vulnerability in your projects. To understand the impact that vulnerable method support can have, we analyzed the top 1,000 starred Ruby projects on GitHub, and discovered that without vulnerable... READ MORE

Why Continuous Security is the Next Application Security Movement

By Mark Curphey April 17, 2017

Today we launched a new company web site and have changed the way we talk about what we do. This is important because we believe that application security is in the midst of a transformational change. The old model of security was slow, contentious and typically applied as a series of quick fixes at the end of a development cycle or even after shipping. Even in the past this approach was more of... READ MORE

Give Developers Training That Actually Helps

Developer training that helps.

Do you have a security education program for your developers? I hope so. Although developers are certainly capable of writing quality, secure code, most were never trained in security. They just don't know what they don't know. When I was actively developing enterprise software, I would visit the bookstore to purchase books on the technologies that I was using. These books were hundreds... READ MORE

What Does an Advanced Application Security Program Look Like?

By Suzanne Ciccone March 23, 2017  | Managing AppSec
an advanced application security program

This is the fourth and final entry in a blog series that looks at each stage of an application security program’s maturity and outlines your next steps as you move toward an advanced program. We typically see organizations fall within one of these four stages of application security: Reactive, Baseline, Expanded, Advanced. So, what does it look like when you reach the advanced stage? Based on... READ MORE

Your Next Steps if Your AppSec Program Is in the Expanded Stage

By Suzanne Ciccone March 16, 2017  | Managing AppSec
Expanded application security program

This is the third entry in a blog series that looks at each stage of an application security program’s maturity and outlines your next steps as you move toward an advanced program. We typically see organizations fall within one of these four stages of application security: Reactive, Baseline, Expanded (you're here!), Advanced. If you are in the expanded application security stage, you... READ MORE

Beyond the Quadrant 2017

By Jessica Lavery March 15, 2017  | Managing AppSec
Beyond the magic quadrant - application security testing in 2017 and beyond.

This year’s Gartner Magic Quadrant for Application Security Testing₁ has published, and while many people read the report for the vendor assessments, the authors offered some insight into the overall application security market. In the report, first time AST Magic Quadrant authors Dionisio Zumerle and Ayal Tirosh commented that the “security testing is growing faster than any other... READ MORE
