To help, we’ve gathered ten AppSec areas, and dedicated resources for each, that you can read in your own time to help take your application security knowledge up a few notches.
The basic idea of application security is protecting your applications from being attacked through undetected vulnerabilities, with a high degree of confidence. One of the basic learning steps is to truly understand the vulnerabilities themselves and the best ways to keep them out of our apps in the first place. The Vulnerability Knowledgebase is a great starting point, especially for developers.
Learning the ins and outs of the development lifecycle and where security is best integrated is another crucial step in your AppSec education. How it will work in your organization will differ from others, but knowing where it can be integrated in structures from waterfall to DevOps will help guide your own implementation. To get started, read our Beginner’s Guide to Security Testing in the SDLC.
Lots is still left to learn when it comes to mobile application security, as we found in our recent State of Mobile Application Security survey. Applications built for iOS, Android, Windows, as well as hybrid applications continue to be riddled with vulnerabilities, leaving mobile devices, increasingly the center of our lives, open to attack. Catch up on mobile AppSec with these articles:
Getting developers engaged – and for developers, getting engaged – with security can pose a challenge. Developers already have a lot on their plates, and some can see security as a burden. It’s not. Being able to code securely is not going to just look good on a resume – in the very near future, it will be an absolute requirement. But approaching the subject in fun and interesting ways is important to getting the point across.
Here are some ‘quick wins’ to making security interesting – and easy to learn – for developers:
Once you’ve understood where security testing fits in the SDLC, the next step in increasing your application security knowledge is to learn why fixing vulnerabilities as early in the SDLC as possible is both a business and security imperative. We suggest our Software Security & Early Prevention of Vulnerable Code webinar with Troy Hunt (@troyhunt) and Checkmarx Product Evangelist Amit Ashbel (@aashbel), in which they discuss how and why to remediate vulnerabilities early in the SDLC to save time and money later.
The Internet of Things is changing the way we embed application security in our organizations. IoT allows for incredible innovation, but it demands very close attention to security. In hospitals, cars, airplanes, and more, the Internet of Things poses both major advantages and challenges that need to be dealt with. Learn more about the challenges and how to address them in our IoT series:
Specific development and organizational needs will be the main factors in choosing your AppSec toolbox, the solutions used to defend and protect your applications. Learning how security tools from DAST to WAF to SAST (oh my!) work will help guide your decisions. Remove at least some of the confusion with these articles to help you choose the best application security technologies for the job:
One of the easiest ways of learning – or at least the most social – is by getting involved in local or online security groups. Whether it’s joining local OWASP meetups, attending BSides conferences, or just subscribing to the hundreds of mailing lists available, just by surrounding yourself with other security people you’ll be helping yourself. Start by getting familiar with AppSec organizations, and recruit other security professionals or developers at your company to get involved with you.
Our last easy way to keep up to date with AppSec news and trending topics is to take to the Twitterverse. Twitter has some of the best minds in the industry constantly sharing their thoughts and the content they’re enjoying or learning from, so why not take advantage? Here are thought leaders in various areas of AppSec expertise to get you started: