Secure Development

We'll walk you through the critical step of integrating security into the software development lifecycle (SDLC). You'll hear from the experts on everything from working with developers, to the best ways to assess code for security and the latest development trends and technologies.

That “Oh Crap” Moment of Product Management

By Anne Nielsen March 9, 2016  | Secure Development

How to avoid putting your customer’s data at risk... Nothing stinks worse for a product manager than hearing there is a security issue in the amazing feature you just released. Yes, that one you created specifically for your very important client. Telling your previously elated buyer that the new do-dad you created specifically for them – based on their unsolicited, but completely... READ MORE

Where AppSec has let me down

By Jeff Cratty February 24, 2016  | Intro to AppSec | Secure Development

There are a lot of great perks that come with being a developer.  On the upside, I enjoy the challenge of developing solutions to real world problems with peers in UX, PM, QA, Ops, etc.  I love the creative process and the energy a team has when we are firing in the same direction at the same time.  I love building the stuff and making the team hum.  I love that sense of... READ MORE

How to Train a Globally Distributed Development Team

By Amanda Lee February 10, 2016  | Managing AppSec | Secure Development

How companies with successful AppSec programs train globally distributed teams on secure development practices and security guidelines. Every large organization now has a complex and globally distributed software development process. It doesn’t matter whether your developers are in-house or out-sourced; based in Bangalore or Boston, the expectation is that quality, bug-free, secure software... READ MORE

3 Ways to Get Your Development Team on Board with Application Security

Protecting enterprise data and assets is a daunting task. According to IT industry organization ISACA, 82 percent of respondents to an April 2015 survey indicated that their enterprise is now "likely" or "very likely" to be attacked — only 1 percent said it's "not at all likely." Meanwhile, the average annual... READ MORE

Mother May I – a Story of Application Privilege Security

By Bob Monroe December 15, 2015  | Secure Development

Our mothers all want the best for us. They raised us to ensure we didn’t do anything crazy like run out in front of traffic or play with broken glass. More often than not, we had to ask for permission to do things like swim at our friend’s house or eat all of our Halloween candy in one sitting. Our moms then did their motherly duties of checking in with... READ MORE

It's True: DevOps and Security Can Play Nice

By Evan Wade September 25, 2015  | Secure Development

It's no secret that DevOps was designed to address the drawbacks of traditional "waterfall" and "scrum-but" development practices over the years. And while new ways to build software are about as common as unique startup business models these days, it's clear the methodology is at least successful at addressing some long-standing issues. If your goal is to improve... READ MORE

DevOps and Automation: A Recipe for Stronger, More Secure Software

By Evan Wade September 22, 2015  | Secure Development

If you made a list of the technological tools used by multiple software development methodologies, automation would have to be somewhere near the top. Anything that reduces the rote, repetitive work developers, security personnel and others have to handle in the process of app creation is a good thing; combine that with the reduced costs and lower risk that automation usually introduces into a... READ MORE

Security and Development: 90 Degrees Distant?

By Doug Bonderud September 21, 2015  | Secure Development

In many organizations, IT security and development teams have very different mandates. For example, according to the SANS Institute's 2015 State of Application Security: Closing the Gap, while software builders focus on lowering their time to market and feature lists, application defenders worry about fully identifying all apps in their corporate portfolios to effectively address security... READ MORE

How DevOps and an Agile Methodology Can Alter Security Integration

By Shawn Drew August 9, 2015  | Secure Development

Security controls and tests have never been the easiest things to incorporate in the software development lifecycle (SDLC) — but as application security grows in importance, some changes in the way software gets made are making security integration more difficult than ever. The Agile methodology, especially when combined with a DevOps paradigm, embraces speed, making it much harder to get... READ MORE

Play in the sandbox

By Pete Chestna July 29, 2015  | Secure Development

This next post picks up where we left off in our previous discussion around automation within developers’ toolchains. Once developers have a methodology to perform security assessments and fix identified vulnerabilities within an integrated environment, the next question is how to assess new code against specific security and compliance policies. The sandbox is the way for individual... READ MORE
