Application Security Mistake No. 6: Going It Alone

We’ve been in the application security business for more than 10 years, and we’ve learned a lot in that time about what works, and what doesn’t. This is the sixth and final post in a blog series that takes a look at some of the most common mistakes we see ... Read More
Application Security Mistake No. 5: Lack of Buy-In

We’ve been in the application security business for more than 10 years, and we’ve learned a lot in that time about what works, and what doesn’t. This is the fifth in a blog series that takes a look at some of the most common mistakes we see that lead to ... Read More
Veracode Users Talk About Selecting an AppSec Solution

With the shift to DevSecOps, developers are now primarily responsible for security testing in the early phases of the SDLC. If developers are conducting security testing, the old rules for selecting an application security solution no longer apply. What do application security selection criteria look like in a DevSecOps world? ... Read More
“Shifting Left” Requires Remediation Guidance

Shifting security “left” is about more than simply changing the timing of testing. When security shifts to earlier phases of the development lifecycle, it also changes the players responsible for conducting the testing and addressing the results. In the not-so-distant past, the security team would conduct most security testing late ... Read More
Application Security Mistake No. 4: Ignoring AppSec Policies

We’ve been in the application security business for more than 10 years, and we’ve learned a lot in that time about what works, and what doesn’t. This is the third in a blog series that takes a look at some of the most common mistakes we see that lead to ... Read More
Trends in Open Source Security

We recently held a Virtual Summit centered on the topic of open source library use and risk. Mark Curphey, CA Veracode’s VP of Strategy, gave the keynote address on trends in this space. Curphey, who is also the founder of OWASP and previously CEO of SourceClear (recently acquired by CA ... Read More
AppSec Mistake No. 3: Neglecting to Integrate AppSec Into Developer Processes

We’ve been in the application security business for more than 10 years, and we’ve learned a lot in that time about what works, and what doesn’t. This is the third in a blog series that takes a look at some of the most common mistakes we see that lead to ... Read More
AppSec Mistake No. 2: Ignoring Open Source Library Use

We’ve been in the application security business for more than 10 years, and we’ve learned a lot in that time about what works, and what doesn’t. This is the second in a blog series that takes a look at some of the most common mistakes we see that lead to ... Read More
The Art of Secure Code

We think a high-quality and highly secure app is a work of art. As with any artistic endeavor, it takes creativity, resources, training, and talent to create secure code. Maybe it’s a little bit of a stretch to compare your software developers to Picasso, but we would argue that there are ... Read More
AppSec Mistake No. 1: Using Only One Testing Type

We’ve been in the application security business for more than 10 years, and we’ve learned a lot in that time about what works, and what doesn’t. This is the first in a blog series that takes a look at some of the most common mistakes we see that lead to ... Read More