Security Needs to Shift Left – and Right

By Suzanne Ciccone July 25, 2017  | Managing AppSec

The move to Agile and DevSecOps development processes has fostered a lot of attention on the need to shift security testing left in the development cycle. And this is absolutely a pivot in the right direction. Moving security testing into the realm of the developer makes security testing faster, easier, more effective and less expensive. However, it’s important not to lose sight of the fact that... READ MORE

Podcast: What Our New Survey Reveals About the AppDev/Sec Relationship

By Suzanne Ciccone July 21, 2017  | Managing AppSec
AppSec in Review Episode 7

Veracode recently partnered with ESG to conduct a survey of 400 IT, cybersecurity and developer professionals regarding their take on the benefits of AppSec for contemporary software development and deployment. The survey results revealed some positive trends, including the fact that many developers are focusing on security for security’s sake, rather than solely to meet compliance requirements.... READ MORE

How Veracode Integrations Enable Security at DevOps Speed

By Suzanne Ciccone July 21, 2017  | Secure Development

Speed and security are the name of the game in software development today. Why? Because software is now key to innovation and competitive advantage for every enterprise in every industry. This means that not only is the pace of software development rapidly increasing, but also that attacks against the application layer are proliferating. In turn, software development speed and security are now... READ MORE

Security Can Be Complicated. Session Management Doesn’t Have To Be.

By Adrian Hayter July 18, 2017  | Secure Development

While performing a manual penetration test recently, I encountered a session management system that flew in the face of almost all the recommended security practices. Rather than use a pre-built implementation associated with a development framework, the developers had written one from scratch that, among other things: Generated session tokens based on the user ID and numeric counters. Appended... READ MORE

Podcast: The Necessary Skills for Success in a DevOps World

By Laura Paine July 13, 2017  | Secure Development

They don’t make apps like they used to. DevOps has moved away from rows of specialists handling their own tiny segment of code, advancing to a more comprehensive Full Spectrum Engineer. Today’s developers need to have a breadth of skills that can take an idea from inception to production – with one person and no handoffs. What we’re seeing is the natural ebb and flow between the specialist and... READ MORE

Testing the Fences: Software Security Is National Security

By Jessica Lavery July 5, 2017  | Security News

There is a scene in the movie Jurassic Park where we witness just how smart the velociraptors are. In order to find a way out of their enclosure, the carnivorous dinosaurs are systematically testing the electric fences for weaknesses, making note of where the fences are weakest and where they are strongest. Once a vulnerability is found in the system (in this case a disgruntled employee turning... READ MORE

Why Prevention Is the Only Answer

By Brian Fitzgerald June 30, 2017  | Security News

Prevention is often derided as a naïve, outdated notion in information security. Today, the talk in security often centers around the idea of “detection and response.” The thought around this approach is that we must assume attackers will get into our networks – it is not a question of “if” but “when.” Therefore, the only good security is to detect them inside, monitor their actions, and then... READ MORE

The Next Petya Will Be Worse – Why Software Development Must Change

By John Zorabedian June 28, 2017  | Security News

Another major cyberattack hit computer networks around the globe on Tuesday, beginning in the Ukraine, when a paralyzing ransomware struck websites of government agencies, banks, transportation, and power plants, before spreading to Russia, the UK, U.S., and other nations. Coming just weeks after the WannaCry ransomware wreaked havoc, this new attack – initially believed to be a strain of the... READ MORE

6 Tips for Transforming Technology to Achieve DevSecOps

By John Zorabedian June 21, 2017  | Secure Development

The goal of DevSecOps is to build a bridge between fast and secure software development. Some in the DevOps and AppSec universe maintain that the primary foundations of a DevOps or DevSecOps initiative are the right mindset about quality, and processes that support continuous improvement and learning at velocity. Yet you cannot achieve DevSecOps without the right technologies for integrating... READ MORE

Podcast: The OWASP Top 10 List Update: What You Need to Know

By Suzanne Ciccone June 19, 2017  | Security News
2017 OWASP Top 10 Release Candidate

The OWASP Top 10 list of the most critical web application security risks has finally been updated for the first time since 2013. This list, created by the Open Web Application Security Project (an open community dedicated to enabling organizations to create secure applications) often forms the basis of application security programs and frequently informs AppSec priorities. The release candidate... READ MORE
