Secure Development

We'll walk you through the critical step of integrating security into the software development lifecycle (SDLC). You'll hear from the experts on everything from working with developers, to the best ways to assess code for security and the latest development trends and technologies.

That “Oh Crap” Moment of Product Management

By Anne Nielsen March 9, 2016  | Secure Development

How to avoid putting your customer’s data at risk... Nothing stinks worse for a product manager than hearing there is a security issue in the amazing feature you just released. Yes, that one you created specifically for your very important client. Telling your previously elated buyer that the new doodad you created specifically for them – based on their unsolicited, but completely...

Where AppSec has let me down

By Jeff Cratty February 24, 2016  | Intro to AppSec | Secure Development

There are a lot of great perks that come with being a developer. On the upside, I enjoy the challenge of developing solutions to real world problems with peers in UX, PM, QA, Ops, etc. I love the creative process and the energy a team has when we are firing in the same direction at the same time. I love building the stuff and making the team hum. I love that sense of...

How to Train a Globally Distributed Development Team

By Amanda Lee February 10, 2016  | Managing AppSec | Secure Development

How companies with successful AppSec programs train globally distributed teams on secure development practices and security guidelines. Every large organization now has a complex and globally distributed software development process. It doesn’t matter whether your developers are in-house or outsourced, based in Bangalore or Boston; the expectation is that quality, bug-free, secure software...

3 Ways to Get Your Development Team on Board with Application Security

Protecting enterprise data and assets is a daunting task. According to IT industry organization ISACA, 82 percent of respondents to an April 2015 survey indicated that their enterprise is now "likely" or "very likely" to be attacked — only 1 percent said it's "not at all likely." Meanwhile, the average annual...

Docker and JAVA_OPTS

By Paul Ambrosini December 22, 2015

While adjusting some environment variables recently, I came across an odd issue with Docker, Spring Boot and JAVA_OPTS. JAVA_OPTS comes from the Tomcat/Catalina world, and when searching for "Docker and javaopts" on Google you'll find many references to just adding JAVA_OPTS to the Docker environment. After some testing, I found this to be incorrect when running a Spring Boot jar in a Docker...

Mother May I – a Story of Application Privilege Security

By Bob Monroe December 15, 2015  | Secure Development

Our mothers all want the best for us. They raised us to ensure we didn’t do anything crazy like run out in front of traffic or play with broken glass. More often than not, we had to ask for permission to do things like swim at our friend’s house or eat all of our Halloween candy in one sitting. Our moms then did their motherly duties of checking in with...

HTTP Security Headers in Plain English

By Caleb Fenton November 3, 2015

Understanding and configuring HTTP security settings can be confusing. There are lots of guides that serve as great technical references for all the different settings, but the purpose of this post is to explain what we have learned implementing a security policy by explaining the various security settings in a simple way. This will also be the first post discussing our Security Headers and CSP...

Vulnerability Profile: LDAP Injection (and How to Protect Against It)

By Evan Wade October 13, 2015

In some ways, all injection attacks are the same. The hacker puts code in some form of user input field, attempting to trick the machines on the other end into granting information or access they shouldn't. If successful, the hacker then uses these ill-gotten gains to carry out damaging attacks like information theft, browser/session hijacking, site defacement, and so on. But the devil is in the...

It's True: DevOps and Security Can Play Nice

By Evan Wade September 25, 2015  | Secure Development

It's no secret that DevOps was designed to address the drawbacks of traditional "waterfall" and "scrum-but" development practices over the years. And while new ways to build software are about as common as unique startup business models these days, it's clear the methodology is at least successful at addressing some long-standing issues. If your goal is to improve...

DevOps and Automation: A Recipe for Stronger, More Secure Software

By Evan Wade September 22, 2015  | Secure Development

If you made a list of the technological tools used by multiple software development methodologies, automation would have to be somewhere near the top. Anything that reduces the rote, repetitive work developers, security personnel and others have to handle in the process of app creation is a good thing; combine that with the reduced costs and lower risk that automation usually introduces into a...
