Secure Development

We'll walk you through the critical step of integrating security into the software development lifecycle (SDLC). You'll hear from the experts on everything from working with developers, to the best ways to assess code for security and the latest development trends and technologies.

10 Gadgets and Skills of Superhero Developers [INFOGRAPHIC]

jzorabedian's picture
By John Zorabedian March 27, 2017  | Secure Development
Superhero Developer Skills

Developers perform heroic feats every day, frequently at night, and sometimes on weekends. You might not always get the recognition you deserve, but you still need to keep your skills sharp to survive in a fast-moving Agile or DevOps shop. When you master the skills and tools you need to do your job well, you'll get an uplifting confidence from self-improvement, feel empowered to try new ideas,... READ MORE

How to Get Started Using Java Cryptography Securely

msheth's picture
By Mansi Sheth March 17, 2017  | Secure Development

Skip to the tl;dr Cryptography is the backbone of today's information systems. Its applications are all around us: secure email communications, storage of our login credentials, digital cash and mobile payments, to name just a few. Cryptography is one of the most complicated topics in information security, but the good news is we already have well-defined algorithms, implementations and protocols... READ MORE

It's Time to Stop Blaming Developers for Insecure Software

mrunkle's picture
By Matt Runkle March 3, 2017  | Secure Development
Securing DevOps

In two-plus years on the security consulting team at CA Veracode, and in my prior experience as a security researcher and software developer, I've heard this phrase countless times: "Developers are the biggest cause of security defects." Sure, developers are the ones actively implementing the application – but they’re not the only ones involved in creating software. Lots... READ MORE

How to Help Developers Accept and Embrace Security Testing

jjastrzebski's picture
By Jim Jastrzebski February 14, 2017  | Secure Development
Developers and Security Testing

In previous posts in this blog series, I've explained that AppSec teams should have empathy for developers as they go through the stages of grief after an unfavorable security assessment of their code. In this post, we wrap up by discussing how to get developers to move through the final two stages – from bargaining to acceptance. Bargaining: "We have a firewall that handles this.... READ MORE

A Developer’s Stages of Grief After a Failed Security Assessment

jjastrzebski's picture
By Jim Jastrzebski February 13, 2017  | Secure Development
Developer's Stages of Grief

After nearly 10 years as a security consultant, I've talked to thousands of developers about remediating security flaws in their code. It's not always an easy conversation, and developers have a wide range of emotional reactions, not all of them good. The fact is, developers are increasingly responsible for quality assurance and security testing of their code, tasks that didn’t used... READ MORE

AppSec Managers Should Have Empathy for Developers

jjastrzebski's picture
By Jim Jastrzebski February 10, 2017  | Secure Development
Empathy for developers

Developers don't always respond well to security assessments that highlight flaws in their code. With a little bit of empathy, it's not hard to understand why developers might react with frustration, annoyance, or even hostility. Security testing should be a dispassionate and routine part of the software development lifecycle – application security professionals will tell you it... READ MORE

How DevOps Won the Super Bowl

mhorton's picture
By Mitch Horton February 8, 2017  | Secure Development
DevOps in the Super Bowl

I wasn't able to enjoy the Super Bowl on Sunday night as I was flying home from a family funeral. I did get some updates from fellow passengers, and even though the Atlanta fans were celebrating a big lead early and the New England fans were fearing an embarrassing defeat, I knew the game would be a fight to the finish. In case you didn't see it (or if you aren't a big NFL football... READ MORE

Never Leave Your IDE Again: Secure Coding Feedback in Seconds

jworthington's picture
By Janet Worthington January 25, 2017  | Customer News 6
CA Veracode Greenlight: Security Unit Testing Inside Your IDE

To stay competitive, every company in every industry has to not only create software, but also create it fast. This pressure has most likely trickled down to your development team, which is feeling squeezed to meet ever-tighter deadlines and continually get new products and features out the door. In turn, we’re seeing the adoption of new, speedier development and deployment practices, such as... READ MORE

How We’re Making Developer Training More Interactive, Flexible and Fun

eying's picture
By Emilie Ying January 24, 2017  | Secure Development
CA Veracode video-based developer training

Everyone knows security training is important. But many organizations struggle to make security training more effective. At CA Veracode, we’ve implemented several innovations to make our eLearning platform even more engaging, relevant, user-friendly and fun. Over the past five years, we have continued to add online courses to keep up with the changing climate of threats in the real world,... READ MORE

Securing DevOps: Enough With the Cynicism

jlavery's picture
By Jessica Lavery January 23, 2017  | Secure Development
Cynicism about devops is popular initially.

If an industry continuously talks about how a trend is going to be a hurdle, it becomes a hurdle. Conversely, if an industry views the trend as an opportunity and talks about it in such terms, thinking shifts toward the potential this trend brings for improvement. We are seeing this phenomenon with DevOps, but not in a good way. Security professionals are talking about the hurdles of securing... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu