Secure Development

We'll walk you through the critical step of integrating security into the software development lifecycle (SDLC). You'll hear from the experts on everything from working with developers, to the best ways to assess code for security and the latest development trends and technologies.

How Dynamic Scanning Without Planning Almost Ruined My Fantasy League

By Brian Pitta November 1, 2016  | Managing AppSec
Dynamic scanning in production

“Is your scanner production-safe?” It’s one of the first questions teams ask me when we are discussing Veracode’s Web Application Scanning and black box testing capabilities. For many, this translates to two potential issues: Denial of service (DOS) – will your testing overload my application and take it down? Malicious attacks – if my application is susceptible to SQL injection, will your... READ MORE

Why You Should Embrace Failure in Your Development Culture

By Tim Jarrett October 24, 2016  | Secure Development
It is helpful to fail fast in devops.

One of the counterintuitive features of DevOps culture is a willingness to fail. In our success-oriented culture, this might sound like exactly the wrong direction in which to take your development teams. But a willingness to fail quickly, and often, can paradoxically lead your teams to greater success — provided you do it in a structured way and you learn from your failures. There’s... READ MORE

Questions You Should be Asking Your Application Developer Candidates

By Brian Cardinale October 19, 2016  | Secure Development
What questions do you ask a developer applicant to determine security competence?

Old habits die hard. The following questions will help you avoid hiring developers with bad habits. Developers with bad habits are prone to baking in those habits into the overall application architecture. There are two fronts in the war of protecting your applications. The first front is reactive. It is your code maintainers patching flaws in old code bases. The second front is happening right... READ MORE

Why Even Google Is Susceptible to the Most Basic Website Vulnerabilities

By John Zorabedian October 19, 2016  | Secure Development
Google vulnerable to insecure code.

This week’s National Cyber Security Awareness Month theme of “recognizing and combating cybercrime” brings up an elementary but crucial point about why our efforts to fight cybercrime seem inadequate for the challenge: it can be really difficult to fix what’s broken even when we know exactly what the problem is. Here’s an example. When a sick patient comes to a... READ MORE

What Sports Can Teach Us About Secure DevOps

By John Zorabedian October 6, 2016  | Secure Development
What sports can teach us about devops. View of crowded stadium.

It’s a special time of year for sports fans like me. After a great summer featuring the Olympics and the Euro Cup, it’s time once again for the Major League Baseball playoffs, while both of my favorite football leagues (NFL and Premier League) are well underway for the season. One of the things I love about sports is they seem to offer so many parallels to other aspects of life,... READ MORE

Helping Developers Move Faster

By Jon Janego October 5, 2016  | Secure Development

Veracode’s mission is to secure the software that powers the world. And one of the most interesting parts of working here is that in order to achieve that goal, we get to learn about the entire spectrum of computing technologies. I think of enterprise software landscapes as similar to evolutionary biology. There are generations and generations of different... READ MORE

Developer vs. Hacker: Two Sides of the Same Coin?

By John Zorabedian September 21, 2016  | Secure Development
How much do hackers and developers have in common?

Years ago, when I started my career as a writer, I became a journalist dedicated to informing people and serving the public interest. Later, I became a writer in a marketing role, dedicated to creating content that informs prospects and serves customers. I call upon the same skills to write blog posts and whitepapers that I once did to write news articles. Likewise, journalists may use their... READ MORE

4 Things Developers Have in Common with Hercules and Luke Skywalker

By John Zorabedian September 19, 2016  | Secure Development
How developers are like Luke Skywalker

The adventurous hero is a common thread in mythology that helps us understand what makes someone great. From Homer’s Odysseus, to George Lucas’s Luke Skywalker, all mythical heroes have traits in common and follow a similar path. Heroes don’t start out that way – they need to prove their mettle by undertaking a long journey and passing a series of tests. The hero must look... READ MORE

Evolution Toward DevSecOps: Failures and Successes

By Joseph Feiman September 13, 2016  | Secure Development

As we outlined in the previous blog post, DevOps is in danger of not being properly secured unless it adopts technologies specifically designed for that purpose. Traditional application security technologies were not designed to work in a DevOps environment. Even from the DevOps name, it is obvious that DevOps-enabling tools should be designed for Development and Operations specialists. And for some... READ MORE

If Security Isn't A Priority For Appdev, What Chance Does A Deployed App Have?

By Evan Schuman September 1, 2016  | Secure Development
Educating developers about secure coding should be built in from the start.

One of the biggest security threats is that enterprise mobile app testing is overwhelmingly focused on functionality and not security. Pen testing of apps to see what data they—or some third-party app it is integrated with—are actually retaining is hardly ever done prior to deployment, if then. Why? It's simply not in the mindset of line-of-business managers. They want/need the... READ MORE
