
10 Easy Ways to Increase Your Application Security Knowledge

Mar 18, 2016 By Sarah Vonnegut

If you’re new to the world of security, in whatever capacity, gaining a good understanding of AppSec can seem daunting and distant – but don’t fear. Becoming more application security aware doesn’t have to be hard or time-consuming. It can be as easy as taking a few minutes out of every day to advance your application security knowledge to a higher level – no matter where it stands today.


To help, we’ve gathered ten AppSec areas, and dedicated resources for each, that you can read in your own time to help take your application security knowledge up a few notches.


Build your application security knowledge with the basics – the vulnerabilities that threaten our code.


The basic idea of application security is protecting your applications from being attacked through undetected vulnerabilities, with a high degree of confidence. One of the basic learning steps is to truly understand the vulnerabilities themselves and the best ways to keep them out of our apps in the first place. The Vulnerability Knowledgebase is a great starting point, especially for developers.


Understand the fundamentals of the SDLC – and how security fits into the big picture


Learning the ins and outs of the development lifecycle and where security is best integrated is another crucial step in your AppSec education. How it will work in your organization will differ from others, but knowing where it can be integrated in structures from waterfall to DevOps will help guide your own implementation. To get started, read our Beginner’s Guide to Security Testing in the SDLC.


Do some deep digging on Mobile Application Security


There is still a lot left to learn when it comes to mobile application security, as we found in our recent State of Mobile Application Security survey. Applications built for iOS, Android, and Windows, as well as hybrid applications, continue to be riddled with vulnerabilities, leaving mobile devices, increasingly the center of our lives, open to attack. Catch up on mobile AppSec with these articles:



Learn how to engage your developers (or get engaged) with security

Getting developers engaged – and for developers, getting engaged – with security can pose a challenge. Developers already have a lot on their plates, and some can see security as a burden. It’s not. Being able to code securely is not just going to look good on a resume – in the very near future, it will be an absolute requirement. But approaching the subject in fun and interesting ways is important to getting the point across.


Here are some ‘quick wins’ to making security interesting – and easy to learn – for developers:



Understand the importance of fixing vulnerabilities early in the SDLC


Once you understand where security testing fits in the SDLC, the next step in increasing your application security knowledge is to learn why fixing vulnerabilities as early in the SDLC as possible is both a business and security imperative. We suggest our Software Security & Early Prevention of Vulnerable Code webinar, in which Troy Hunt (@troyhunt) and Checkmarx Product Evangelist Amit Ashbel (@aashbel) discuss how and why to remediate vulnerabilities early in the SDLC to save time and money later.


Not sure about agile or DevOps environments? Start here:



Get an understanding of the evolving AppSec landscape

The Internet of Things is changing the way we embed application security in our organizations. IoT allows for incredible innovation, but it demands very close attention to security. In hospitals, cars, airplanes, and more, the Internet of Things poses both major advantages and challenges that need to be dealt with. Learn more about the challenges and how to address them in our IoT series:



Learn the differences between tools and which ones fit your environment and needs

Specific development and organizational needs will be the main factors in choosing your AppSec toolbox, the solutions used to defend and protect your applications. Learning how security tools from DAST to WAF to SAST (oh my!) work will help guide your decisions. Remove at least some of the confusion with these articles to help you choose the best application security technologies for the job:



Learn how to get involved in the AppSec community, locally or digitally


One of the easiest ways of learning – or at least the most social – is by getting involved in local or online security groups. Whether it’s joining local OWASP meetups, attending BSides conferences, or just subscribing to the hundreds of mailing lists available, just by surrounding yourself with other security people you’ll be helping yourself. Start by getting familiar with AppSec organizations, and recruit other security professionals or developers at your company to get involved with you.


Listen in on application security rockstars’ conversations


Our last easy way to keep up to date with AppSec news and trending topics is to take to the Twitterverse. Twitter has some of the best minds in the industry constantly sharing their thoughts and the content they’re enjoying or learning from, so why not take advantage? Here are thought leaders in various areas of AppSec expertise to get you started:



What are some other easy wins to add to the list? Share below!


Sarah is in charge of social media and an editor and writer for the content team at Checkmarx. Her team sheds light on lesser-known AppSec issues and strives to launch content that will inspire, excite and teach security professionals about staying ahead of the hackers in an increasingly insecure world.
