Secure Development

We'll walk you through the critical step of integrating security into the software development lifecycle (SDLC). You'll hear from the experts on everything from working with developers, to the best ways to assess code for security and the latest development trends and technologies.

Developer Sandbox Secures Apps Early in the Software Lifecycle, Speeding Time to Market

Regardless of where your development team is in the DevOps journey, you’re likely aware that detecting and fixing quality issues as early in the software development lifecycle (SDLC) as possible increases efficiency and reduces costs. Today, development teams are running static assessments during the integration and even code stages, giving developers more time to fix policy-violating flaws...

Until We Prioritize Security Training, We Will Remain a Step Behind Cybercriminals

By Jessica Lavery June 22, 2016  | Secure Development

Where is your security money going? Typically, it lives at the edges of the network, in operations land. The big spends on items and services such as log aggregators and organizers, firewalls, and penetration testing are generally trusted buys. These are tried-and-true tactics that have withstood the tests of time. But time, as it were, has claimed many a security system. From the low-tech...

Optimizing Software Management with a DevSecOps Approach

By Jessica Lavery June 15, 2016  | Secure Development

Let’s face it, building software is difficult. It’s mental gymnastics. When your developers are working hard, they’ve likely got at least two hours of ramp up time behind them. Bother them during their meditative state, and you’re resetting that clock, losing hours of potential work. There’s a flow to programming, and when you’re in the zone, the code comes...

5 Things Devs Wish CISOs Knew About DevOps

The rapid adoption of DevOps practices in the enterprise has forced a lot of CISOs to rethink their security play books. Gone are the days of testing for security once software engineers are done developing a piece of software. With rapid iterations and continuous delivery of software there is no "done" anymore. Additionally, the fast-paced DevOps model gives engineers the power to...

What Kind of Tools Do You Need to Secure Your Mobile Apps?

By David Strom May 3, 2016  | Secure Development

The days when everyone is chained to a fixed desktop computer are long over. But it isn’t just about being more mobile, or using more mobile devices, or letting your users bring their own devices and use them at work. It isn’t that the workday is no longer 9-to-5 and users expect to get their jobs done whenever and wherever they might be in the world. No, it is about moving to a...

Why is SQL Injection Still Around?

By David Strom April 4, 2016  | Secure Development

While there are many Web hacking exploits, none are as simple or as potentially destructive as SQL injection. This isn’t news: the attack method has been around for more than a decade. Sadly, for something so old it is still one of the most popular ways to penetrate networks and extract data. And it is easy to find and almost as easy to avoid. Why is SQL injection still with us? It all...

That “Oh Crap” Moment of Product Management

By Anne Nielsen March 9, 2016  | Secure Development

How to avoid putting your customer’s data at risk... Nothing stinks worse for a product manager than hearing there is a security issue in the amazing feature you just released. Yes, that one you created specifically for your very important client. Telling your previously elated buyer that the new do-dad you created specifically for them – based on their unsolicited, but completely...

Where AppSec has let me down

By Jeff Cratty February 24, 2016  | Intro to AppSec | Secure Development

There are a lot of great perks that come with being a developer.  On the upside, I enjoy the challenge of developing solutions to real world problems with peers in UX, PM, QA, Ops, etc.  I love the creative process and the energy a team has when we are firing in the same direction at the same time.  I love building the stuff and making the team hum.  I love that sense of...

How to Train a Globally Distributed Development Team

By Amanda Lee February 10, 2016  | Managing AppSec | Secure Development

How companies with successful AppSec programs train globally distributed teams on secure development practices and security guidelines. Every large organization now has a complex and globally distributed software development process. It doesn’t matter whether your developers are in-house or out-sourced; based in Bangalore or Boston, the expectation is that quality, bug-free, secure software...

6 Tips for Turning Developers Into AppSec Allies

The development team can be the biggest barrier to the success of your application security (AppSec) program. If this team does not follow the protocol outlined in your program plan, you will be unable to demonstrate the value of your program, and it could stall before getting started. Background Security and development often seem to have competing priorities...
