Making the Case for AppSec? Break Down Your Budget

Making the Case for AppSec? Break Down Your Budget

The bottom line on corporate decision-making comes down to the bottom line. It’s critical to demonstrate value for any new or expanded initiative. Fall short, and your odds of success are greatly diminished. How do you build the financial case for more robust AppSec, when the focus is on the ... Read More
Know Your Audience to Make the Case for AppSec

Know Your Audience to Make the Case for AppSec

|
Selling senior-level executives on any new concept can often feel like a trek up a mountain with a 60-pound pack on your back. So, how can you take your application security program to a new and better level with less effort? You focus on what’s really important: getting the right ... Read More
Why Are Schools Increasingly Targeted by Cyberattackers?

Why Are Schools Increasingly Targeted by Cyberattackers?

|
Schools, including universities, are increasingly becoming cyberattack targets. Just this month, the Monroe-Woodbury school district in Orange County, NY had to delay the start of school due to cyberattacks. And this incident was only one of a handful of cyberattacks on New York state school districts this summer. One school ... Read More
Key Ways to Make the Case for AppSec Budget

Key Ways to Make the Case for AppSec Budget

Security departments are juggling a multitude of security initiatives, and each is competing for a slice of one budget. How do you make the case that AppSec deserves a slice of that budget pie, or a bigger slice, or even to make the pie bigger? Here are a few key ... Read More
Key Considerations for Secure Coding Training

Key Considerations for Secure Coding Training

Developer training has an essential role in reducing code vulnerabilities and avoiding a breach. Effective application security requires both locating security-related defects, and fixing them. But developers simply aren’t equipped with the knowledge or skills they need to fix these flaws. Veracode recently sponsored the 2017 DevSecOps Global Skills Survey ... Read More
Application Security Beyond Static Analysis

Application Security Beyond Static Analysis

There is no application security “silver bullet” – it takes a combination of testing types to effectively reduce your risk. Each testing method has a different role to play and works best when used in harmony with others. For instance, our research showed that there are significant differences in the ... Read More
Keys to Scaling Your Application Security Program

Keys to Scaling Your Application Security Program

It’s best practice to kick off your AppSec inititive by starting small, scanning your most business-critical apps, and addressing the most severe flaws. But it’s also best practice to scale your program to eventually cover your entire app landscape, and all flaws. Why? First, because you can be breached through ... Read More
What Is Fix Rate, and Why Does It Matter?

What Is Fix Rate, and Why Does It Matter?

Once your application security program is up and running, there are several metrics you can use to gauge your progress and optimize your program. For instance, companies typically measure their scan activity, flaw density, and policy compliance. However, very few include metrics for fix rate, despite the fact that it ... Read More
What Goals Are Right for Your AppSec Program?

What Goals Are Right for Your AppSec Program?

Clear objectives and goals are key to success for any initiative, and AppSec is no exception. But many organizations struggle to establish application security goals, or focus on the wrong goals to the detriment of their program. Below we outline factors to consider when creating goals for your application security ... Read More
Did You Read Our Most Popular 2018 Blog Posts?

Did You Read Our Most Popular 2018 Blog Posts?

Every January, we get a lot of valuable insights by looking back at our most popular blog posts in the previous year, and 2018 was no exception. The posts that resonated the most last year paint a clear picture of topics most important to the security and development communities – ... Read More