Secure Development

We'll walk you through the critical step of integrating security into the software development lifecycle (SDLC). You'll hear from the experts on everything from working with developers, to the best ways to assess code for security and the latest development trends and technologies.

Survey: How Teams are Using Software Components in the Age of DevOps

By Neil DuPaul April 10, 2018 | Managing AppSec

New research: Only 52% of developers using components in their apps update them when a new vulnerability is announced.

Open source components have gone mainstream. With every company undoubtedly becoming a software company, open source and commercial components are a vital element in developing applications at the speed of DevOps. But while they’re a powerful tool for adding features and...

It’s Complicated - Operational Security for Developers

By Pete Herzog March 28, 2018 | Managing AppSec

The life of a commercial software developer is a difficult one. Or at least we have to assume it is because of how many of them half-ass it when code starts to get complicated. Okay, maybe that’s unfair. Maybe it’s not all half-assing. It’s complicated. Literally. There are many functions that are overly complex. They are so complex with so many variables and interactions as to be actually...

Security Champions: a Scalable Approach for Securing DevOps

By Neil DuPaul March 22, 2018

The enormous growth of DevOps is no accident. As organizations attempt to navigate the complexities of digital business, speed and flexibility are everything. Yet somewhere between innovation and disruption lies a basic fact: A DevOps initiative is only as good as the security framework that supports it. Unfortunately, many organizations focus on speed and precision at the expense of security....

Security: Create a Development Champion

By Suzanne Ciccone March 13, 2018 | Secure Development

We talk a lot about the need for development teams to create security champions. With the shift to DevOps – and the intersecting of development, security, and operations teams – development and security teams can no longer operate in their traditional silos. Each team needs to not only work closely together, but also have a much deeper understanding of each other’s pains, processes, and...

Adopting a More Secure Approach to Containers

By Neil DuPaul March 6, 2018

The complexities of developing secure software aren't lost on anyone in the business world. One tool development teams have used to adapt to today's challenging environment is software containers, which allow applications to run reliably on different platforms and systems. Today, organizations use containers to address a wide range of development and testing tasks. What's more, as...

What Developers Can Learn at the Upcoming DevSecOps Virtual Summit

By Neil DuPaul February 14, 2018

The shift to DevOps and DevSecOps has already happened; it's only a question of when we all catch up. Organizations in all industries are creating software not only faster, but also in more precise, collaborative and incremental ways than ever before. In fact, we’ve seen the shift in our own customer base, where the percentage of applications scanned for security on a weekly basis jumped 50...

What You Don’t Do for Secure Programming

By Pete Herzog February 1, 2018

The hardest part of growing up is that everything you’re allowed to do is communicated in a general sense and everything that you’re not allowed to do is enumerated specifically and in detail AFTER you’ve gotten in trouble for doing it. So you’re told things like, “Go play in the yard.” Yet you get chewed out for very specifically flooding the yard to play mud football. Apparently the lawn, the...

Three Easy Steps to DevSecOps

By Mark Curphey January 8, 2018

There's a lot being discussed these days about secure DevOps. What does it mean to do continuous integration and deployment in a secure way? Is it about securing the pipeline itself? Or, is there more to it than that? We have your back. There are just three basic steps to DevSecOps.

1) Build security in

This is perhaps the biggest leap in getting to secure DevOps pipelines but by far the most...

AppSec in Review Podcast: How Developers Respond to Security Findings

By John Zorabedian December 5, 2017 | Secure Development | Research

We recently published the State of Software Security Developer Guide, based on real application security testing data. Among the key takeaways, the data in the report offers strong evidence that eLearning, security training, and DevSecOps practices have a positive effect on developers' effectiveness at fixing flaws in their code. In this episode of the AppSec in Review podcast, Evan Schuman and...

Introducing Quick Scan

By Jet Anderson December 4, 2017

Sometimes you need to get information quickly on what's going into your project. You may not even have the project in a buildable state yet. So, if you're pulling together packages to solve your coding challenges but you're not anywhere near the point of building, how do you get actionable intelligence to help you make smart decisions about what you're putting in this build? This is where Quick...
