Secure Development

We'll walk you through the critical step of integrating security into the software development lifecycle (SDLC). You'll hear from the experts on everything from working with developers, to the best ways to assess code for security and the latest development trends and technologies.

How Developers Can Go From Mercenaries to Masters of Their Domain

By Pete Chestna August 17, 2016  | Secure Development
A modern developer working in a devops environment needs many skills.

If you’re a developer like me, you’ve probably had more than a few jobs over the years. In today’s business climate, developers are like 21st century mercenaries: pursued by company after company, enticed by hotter jobs, cooler projects and – of course – bigger salaries. Staying anywhere more than two years is unusual. It’s a sellers’ market if you’... READ MORE

Developer Sandbox Secures Apps Early in the Software Lifecycle, Speeding Time to Market

Regardless of where your development team is in the DevOps journey, you’re likely aware that detecting and fixing quality issues as early in the software development lifecycle (SDLC) as possible increases efficiency and reduces costs. Today, development teams are running static assessments during the integration and even code stages, giving developers more time to fix policy-violating flaws... READ MORE

How Do You Avoid Paying a Ransom?

By Sue Poremba July 18, 2016  | Security News

Take Steps to Protect the Data before the Ransomware Attack Happens

In a recent study conducted by Radware, C-level executives revealed that they had no interest in paying up if their network was hit by ransomware, but that response came before they were locked out from their data. Once they were actually attacked, nearly half of those executives admitted they have, indeed, paid the ransom. The... READ MORE

Think Your Data Leaks Are Limited To Your Databases? Think Again

By Evan Schuman July 7, 2016  | Security News

Security professionals spend an awful lot of time trying to protect sensitive corporate information, locking it away in virtual vaults, as they should. But they often neglect to protect the people who have the keys/combinations to those virtual vaults—in some cases, protecting those key-holders from themselves. This comes to mind as a recent story in The Intercept reminded us of how easy we often... READ MORE

Until We Prioritize Security Training, We Will Remain a Step Behind Cybercriminals

By Jessica Lavery June 22, 2016  | Secure Development

Where is your security money going? Typically, it lives at the edges of the network, in operations land. The big spends on items and services such as log aggregators and organizers, firewalls, and penetration testing are generally trusted buys. These are tried-and-true tactics that have withstood the tests of time. But time, as it were, has claimed many a security system. From the low-tech... READ MORE

Optimizing Software Management with a DevSecOps Approach

By Jessica Lavery June 15, 2016  | Secure Development

Let’s face it, building software is difficult. It’s mental gymnastics. When your developers are working hard, they’ve likely got at least two hours of ramp up time behind them. Bother them during their meditative state, and you’re resetting that clock, losing hours of potential work. There’s a flow to programming, and when you’re in the zone, the code comes quite freely. It’s those moments when... READ MORE

5 Things Devs Wish CISOs Knew About DevOps

The rapid adoption of DevOps practices in the enterprise has forced a lot of CISOs to rethink their security playbooks. Gone are the days of testing for security once software engineers are done developing a piece of software. With rapid iterations and continuous delivery of software there is no "done" anymore. Additionally, the fast-paced DevOps model gives engineers the power to... READ MORE

What Kind of Tools Do You Need to Secure Your Mobile Apps?

By David Strom May 3, 2016  | Secure Development

The days when everyone is chained to a fixed desktop computer are long over. But it isn’t just about being more mobile, or using more mobile devices, or letting your users bring their own devices and use them at work. It isn’t that the workday is no longer 9-to-5 and users expect to get their jobs done whenever and wherever they might be in the world. No, it is about moving to a completely new... READ MORE

Peripheral Security Issues Today Are Anything But Peripheral

By Evan Schuman April 25, 2016  | Security News

Last week, Microsoft issued an optional security alert relating to peripherals and specifically mice. Until the patch is implemented, Microsoft said, the peripheral could receive plain English—aka QWERTY—key packets in keystroke communications issued from receiving USB wireless dongles to the RP addresses of wireless mouse devices. This is a fine way for cyberthieves to hijack wireless mice and... READ MORE

Why is SQL Injection Still Around?

By David Strom April 4, 2016  | Secure Development

While there are many Web hacking exploits, none are as simple or as potentially destructive as SQL injection. This isn’t news: the attack method has been around for more than a decade. Sadly, for something so old it is still one of the most popular ways to penetrate networks and extract data. And it is easy to find and almost as easy to avoid. Why is SQL injection still with us? It all comes... READ MORE
