The Globalization of Security Testing: A World of Good (Standards)

Surely and not-so-slowly, the concept of “internationality” is disappearing — at least in terms of the free exchange of information — and the tiny, expensive devices in our pockets and purses are leading the charge. For end users, the benefits of global information access are as obvious as they are numerous, especially thanks to apps […]

Security Assessment, Speed — and the Death of Mutual Exclusivity

Maintaining focus is important, but priorities shift. Those seven words sum up a conflict as old as time in the world of software development, where sharpening focus in one area inevitably causes a need for improvement in another. If anything, it’s a testament to the cyclical nature of development as a whole: Any change, from […]

Threats in Custom App Development: Enterprises’ Lack of Security

There is no greater threat to information security than the belief that systems are secure when, in fact, they are anything but. The growth in popularity of custom app development over the past few years has created a situation where many enterprises have thousands of applications in production with little or no security testing behind […]

Secure Development – One Bathroom Break At A Time

Google went to great lengths to educate its developers about the benefits of security testing – even developing educational materials specifically to be read on the toilet. There’s enough evidence in favor of security testing throughout the development cycle to make “debates” about it moot. Still, many software development operations still […]

5 Things You Can Do With the Veracode API

When you use the Veracode API you get an economy of scale through automation. One customer uploaded and scanned 100 applications concurrently over a weekend. Another one scheduled monthly recurring scans. “Application programming interface” (API) is more than jargon. It is the industrial revolution (automation) meets the information age (your application security intelligence). Here are […]

The Rise of Application Security Requirements and What to Do About Them

As an engineering manager, I am challenged to keep pace with ever-expanding expectations for non-functional software requirements. One requirement, application security, has become increasingly critical in recent years, posing new challenges for software engineering teams. In what manner has security emerged as an application requirement? Are software teams equipped to respond? What can engineering managers […]

Yo, A Cautionary Tale for the VC Community

By Chris Lynch, Partner, Atlas Venture

The story of Yo will be used as a cautionary tale in the VC community for years to come. Only a few days after receiving a much-talked-about $1.2 million in series “A” funding from angel investor and serial entrepreneur Moshe Hogeg, Yo suffered a massive security breach. […]

Secure Agile Q&A: API’s, IDE’s and Environment Integration

A few weeks back, I hosted a webinar called “Secure Agile Through Automated Toolchains: How Veracode R&D Does It”, and in this webinar I discussed the importance of security testing and how to integrate it into the Agile SDLC. There were so many questions from our open discussion following the webinar that I have taken […]

Video Survey: How Would You Involve Software Development Teams in AppSec?

We’re back with another question for security pros around the world. This video is part of our Future of Application Security series where we asked a group of appsec professionals in attendance at RSA Conference 2014 their thoughts around some of the biggest industry topics. Check out the video and if you have an opinion, […]
