Did You Read Our Most Popular 2018 Blog Posts?
Every January, we get a lot of valuable insights by looking back at our most popular blog posts in the previous year, and 2018 was no exception. The posts that resonated the most last year paint a clear picture of topics most important to the security and development communities – ... Read More
Key Takeaways From SANS Report: Secure DevOps 2018: Fact or Fiction?
DevOps, with its focus on speed and incremental development, is changing the application security landscape. We’ve talked about this change a lot in the past couple years, and how security should fit into this picture. Now SANS is taking a look at how security actually is fitting into this DevOps ... Read More
How AppSec Reduces Unplanned Work
Unplanned work is the enemy of productivity – in all aspects of life. Any activity that pops up unexpectedly and eats up your time and resources is a productivity killer. You’ve probably experienced this at home – you drop your son at baseball practice, drive home, and then get a ... Read More
State of Software Security Vol 9: Top 4 Takeaways for Developers
We’ve just released the 9th volume of our State of Software Security report and, as always, it’s a treasure trove of valuable security insights. This year’s report analyzes our scans of more than 2 trillion lines of code, all performed over a 12-month period between April 1, 2017 and April ... Read More
State of Software Security Volume 9: Top 5 Takeaways for CISOs
We’ve just released the 9th volume of our State of Software Security report and, as always, it’s a treasure trove of valuable security insights. This year’s report analyzes our scans of more than 2 trillion lines of code, all performed over a 12-month period between April 1, 2017 and April ... Read More
Application Security Mistake No. 6: Going It Alone
We’ve been in the application security business for more than 10 years, and we’ve learned a lot in that time about what works, and what doesn’t. This is the sixth and final post in a blog series that takes a look at some of the most common mistakes we see ... Read More
Application Security Mistake No. 5: Lack of Buy-In
We’ve been in the application security business for more than 10 years, and we’ve learned a lot in that time about what works, and what doesn’t. This is the fifth in a blog series that takes a look at some of the most common mistakes we see that lead to ... Read More
Veracode Users Talk About Selecting an AppSec Solution
With the shift to DevSecOps, developers are now primarily responsible for security testing in the early phases of the SDLC. If developers are conducting security testing, the old rules for selecting an application security solution no longer apply. What do application security selection criteria look like in a DevSecOps world? ... Read More
“Shifting Left” Requires Remediation Guidance
Shifting security “left” is about more than simply changing the timing of testing. When security shifts to earlier phases of the development lifecycle, it also changes the players responsible for conducting the testing and addressing the results. In the not-so-distant past, the security team would conduct most security testing late ... Read More
Application Security Mistake No. 4: Ignoring AppSec Policies
We’ve been in the application security business for more than 10 years, and we’ve learned a lot in that time about what works, and what doesn’t. This is the third in a blog series that takes a look at some of the most common mistakes we see that lead to ... Read More
