Application SecurityCISOSDLCsecurity metrics Application Security Metrics: Where (And Why) To Begin? May 15, 2015 by Sarah Vonnegut A wise man once said, “to measure is to know…if you cannot measure it, you cannot improve it.” When it comes to application security, measurements are crucial to the success of your program. But determining how to best combine your measurements into metrics which show your programs value is much more important. As a CISO Read More › Application SecurityCISOSDLCsecurity metrics
AppSec ProgramCISODeveloper EducationThreat Modeling 6 Tips for Ensuring Your Application Security Program Isn’t a Flop May 8, 2015 by Sarah Vonnegut Baking security in to our applications is just not an option anymore. The explosion of the number of applications within organizations, coupled with the constant breaches we hear about (and the many more we don’t) don’t allow room for complacency when it comes to securing your organization and customer data. Yet CISOs and security managers Read More › AppSec ProgramCISODeveloper EducationThreat Modeling
XSS: The Definitive Guide to Cross-Site Scripting Prevention Apr 14, 2015 by Sarah Vonnegut As old as web browsers themselves, cross-site scripting (XSS) has been an ongoing issue in the security world. Its’ consistent appearance on the OWASP Top 10 and in news reports of cross-site scripting attacks has kept the security issue in the spotlight over the years. Yet after two decades the security issue remains one of the Read More ›
Application Securityopen sourcesoftware development lifecyclewhitesource 3 Things to Know About Managing Open Source Components in Your App Mar 5, 2015 by Sharon Solomon Manage your software where it’s created. It is in your continuous integration environment where the various pieces of code become software. While some of the software is proprietary, much of it (probably over 50%) is open source components, as your development teams use open source components to boost their productivity and make better products. You most Read More › Application Securityopen sourcesoftware development lifecyclewhitesource
DevSecOpsinformation securitySDLC 5 Habits of Highly Effective Application Security Leaders Jan 26, 2015 by Sarah Vonnegut In our global, digital world, data is king – and malicious attackers are on a constant lookout for ways to conquer the throne. With a rapidly changing business landscape,the old, reactive approaches to security are no longer enough – if they ever were. Effective application security leaders are changing their tactics to keep up with the transformations. Read More › DevSecOpsinformation securitySDLC
AndroidBURP SuitechromeCross-Site Request ForgeryCSRFHeartbleedShellshock 15 AppSec Tips From the Top Ethical Hackers of 2014 Dec 31, 2014 by Sharon Solomon 2014 will go down as the year of the mega-attacks. It all started off during last years holiday season with the Target hackings that affected over 100 million customers. Soon the Heartbleed and Shellshock vulnerabilities were exposed, causing havoc all across the planet. The hackings kept on coming in the latter stages of the year Read More › AndroidBURP SuitechromeCross-Site Request ForgeryCSRFHeartbleedShellshock
Application SecuritySDLCSecure CodingsSDLC Ensuring your developers love – or at least don’t hate – security Aug 14, 2014 by Sarah Vonnegut This post originally appeared on SCMagazine.com. By Maty Siman, Checkmarx Founder & CTO When it comes to an organization’s software security, there’s been a chronic disconnect between the developers who write and build the code and the security teams who audit and enforce the code’s security. This divide historically arose from common misunderstandings: programmers believe that Read More › Application SecuritySDLCSecure CodingsSDLC
BSIMMSDLsSDLC Building Secure Applications: How Mature Are You? Jul 29, 2014 by Sarah Vonnegut Dave Ferguson is back with another guest blog! Make sure you check out his blog here, and read his original post, ‘Keeping Up With The Hackers: Where to Practice Your Web Hacking Skills,’ here. Testing your software for vulnerabilities is important. There’s no doubt about it, but if there’s something I’ve learned over the years when Read More › BSIMMSDLsSDLC
AgileEclipseHackingOWASPPCISDLCSQL InjectionsSDLCSVNTFSVisual Studio 7 Tips For Choosing The Right Tool To Secure Your Application May 14, 2014 by Sharon Solomon With more and more leading applications and websites are being hacked, internet users are thinking twice before sharing personal information online. With hacktivism, commercial espionage and criminal hackings on the rise, it has become extremely crucial to safeguard databases and make sure that adequate application-layer security is in place. Unfortunately, the responsibility for providing this Read More › AgileEclipseHackingOWASPPCISDLCSQL InjectionsSDLCSVNTFSVisual Studio
Cyber SecurityLikejackMalwareToolbarTrojansWorms Top 5 Symptoms Of Hacked Computers Jan 8, 2014 by Sharon Solomon Cybercrime has reached epidemic proportions. More and more computers are being exploited with intrusive malware and sophisticated hacking techniques. It’s very crucial to detect intrusions to minimize data loss and avoid privacy theft. Read More › Cyber SecurityLikejackMalwareToolbarTrojansWorms